A Google Docs phishing scheme is taking the internet by storm this week. A client of ours received an email from one of their colleagues similar to the screenshot below.
We have also seen several people posting on Facebook about the scheme, stating: “If you have received an email from me sharing a Google Doc with you, don’t open. My email address has been hacked.”
The subject of these phishing emails will be somewhere along the lines of “John Smith has shared a document on Google Docs with you.” What makes this phishing campaign so convincing is that the sender is likely someone you know.
What Happens if I Open the Document?
If you click on the link, it asks for some access permissions to your Gmail account, which an actual Google Docs link would not need. If you grant the permissions, the program will then spam everyone in your contacts with a link to the same Google Docs file. This same process occurs over and over, which is why the phishing campaign has spread so quickly.
It’s unknown what the campaign actually accomplishes, other than spamming everyone with the same email. However, it’s not the first time a Google Docs phishing campaign has occurred. The difference with this campaign is that it only asks for permissions. Campaigns in the past have prompted users to enter their password.
What Should I Do If I Receive this Email?
It’s pretty simple. If you have received an email stating “John Smith (or someone you know) has shared a document on Google Docs with you,” delete it immediately. If you are reading this after you have already opened the document and granted access permissions, follow the steps below:
- Go to your Gmail account’s permissions settings at: google.com/permissions
- Remove permissions for ‘Google Docs,’ the name of the phishing campaign
Once you have done this, the emails should stop coming from your account. However, this doesn’t mean you will stop receiving emails from individuals who have you in their contacts.
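For administrators cleaning up after this campaign, the check below (an added example, not part of the original post) scans a list of OAuth grants for apps that borrow a Google product name while holding mail or contacts access. The record fields follow the Google Workspace Admin SDK token resource (`clientId`, `displayText`, `scopes`, `userKey`); the sample records, the brand list, the choice of sensitive scopes and the approved client ID are assumptions constructed for illustration.

```python
import unicodedata

# Real Google OAuth scope strings; treating these as the "sensitive" set
# is this example's assumption.
SENSITIVE_SCOPES = {
    "https://mail.google.com/",
    "https://www.googleapis.com/auth/gmail.readonly",
    "https://www.googleapis.com/auth/gmail.send",
    "https://www.googleapis.com/auth/contacts",
}
# Product names an impostor app might borrow (assumed list).
BRAND_NAMES = ("google docs", "google drive", "gmail")
# Client IDs the organisation has vetted (constructed placeholder).
APPROVED_CLIENT_IDS = {"approved-client.example"}


def normalise(name):
    """Fold case, width and spacing so 'GOOGLE  Docs' matches 'google docs'."""
    return " ".join(unicodedata.normalize("NFKC", name).casefold().split())


def suspicious_grants(grants):
    """Flag unvetted, brand-named apps that hold mail or contacts access."""
    findings = []
    for g in grants:
        risky = sorted(SENSITIVE_SCOPES.intersection(g.get("scopes", [])))
        name = normalise(g.get("displayText", ""))
        branded = any(b in name for b in BRAND_NAMES)
        if branded and risky and g.get("clientId") not in APPROVED_CLIENT_IDS:
            findings.append((g.get("userKey"), g.get("displayText"), risky))
    return findings


# Constructed sample records, not real data.
SAMPLE_GRANTS = [
    {"userKey": "alice@example.com", "clientId": "unknown-1.example",
     "displayText": "Google Docs",
     "scopes": ["https://mail.google.com/",
                "https://www.googleapis.com/auth/contacts"]},
    {"userKey": "bob@example.com", "clientId": "approved-client.example",
     "displayText": "Gmail Backup Tool", "scopes": ["https://mail.google.com/"]},
    {"userKey": "carol@example.com", "clientId": "unknown-2.example",
     "displayText": "Calendar Helper",
     "scopes": ["https://www.googleapis.com/auth/calendar"]},
]

if __name__ == "__main__":
    for user, app, scopes in suspicious_grants(SAMPLE_GRANTS):
        print(f"{user}: revoke '{app}' (holds {', '.join(scopes)})")
```

Only the first sample record is flagged: the second is on the approved list, and the third neither uses a Google product name nor holds mail or contacts access.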