Update 2:23pm PT: Google Docs says it has shut down the fast-spreading phishing attack, tweeting out an official statement Wednesday afternoon that it's taken the necessary steps to protect users:
"We have taken action to protect users against an email impersonating Google Docs & have disabled offending accounts," Google says. "We've removed the fake pages, pushed updates through Safe Browsing, and our abuse team is working to prevent this kind of spoofing from happening again. We encourage users to report phishing email in Gmail."
We recommend staying vigilant, however, and continue to report suspicious emails to Google. We'll keep an eye on the situation and report on any further developments.
Original story below…
If you've received a suspicious invitation to a share a Google Doc with you today, don't click through the link!
Google Docs users, including yours truly, are receiving unexpected invites to view shared files. The invitation looks like a standard Google Doc invite in Gmail, but it is actually a fake posing as one in an effort to get into your email.
I received an invitation that appeared to be from a real contact, though this person has never shared a Google Doc with me before, I don't communicate with regularly, and has no known reason to share a Google Doc with me, to give you an idea of what set off my alarms.
Another red flag, which other Gmail users are reporting, is the sender's email address: 'email@example.com'. Invite recipients are BCC'd in the email.
Google is aware of the issue, and is encouraging users not to click through and to report the email as a phishing attempt within Gmail. You can do so by clicking on the drop down menu in the upper right-hand corner of the email, then select 'Report Phishing.'
What happens if I click through to the Google Doc?
The attack appears to be quite sophisticated, and reddit user JakeSteam (via Motherboard) explained just what happens if you do click through the link.
After clicking through, you're asked to select your Google account from an account selection page. No password is required, the JakeSteam said, and once logged in, you're asked to let the Google Docs app access your account.
This Google Docs app is fake, however, but now it has access to your entire Gmail account. Accessing your contacts, the attackers can then send out more phishing emails, their hooks spreading like wildfire.
What should I do if I clicked through?
If you clicked through the Google Docs invite, head to this page: https://myaccount.google.com/permissions.
If you see a 'Google Docs' app in your permissions, this is the malicious app. You can verify this by the checking the 'Authorization Time', Motherboard recommends, which should be from today. You can revoke access by removing this Google Docs app from your permissions.
Phishing attacks are never pleasant, but by staying vigilant and going with your gut on suspicious emails, you can better protect yourself against future scams.
- The best free security software