A phishing email sent from Google users' accounts has been circulating aggressively online. It contains an invitation to edit a Google Doc and appears to have spread rapidly. Users who click it to edit the document are taken to a legitimate Google sign-in screen.
This Google scam appears to have spread worldwide and has been landing in user inboxes since Wednesday. It appears to be a sophisticated phishing or malware attack on unsuspecting victims.
Although it looks legitimate, the invitation is deceptive. If the user clicks “Open in Docs”, they are taken to a genuine Google sign-in screen, so everything appears to proceed as a normal sign-in. Behind the scenes, however, clicking the link grants a bogus third-party app permission to access the user's email and contacts, which restarts the cycle by spreading the spam to everyone in the contact list.
Google has said it is aware of the issue and investigating it. The company encouraged users to report the email as phishing within Gmail.
“We have taken action to protect users against an email impersonating Google Docs, and have disabled offending accounts,” a spokesperson said in a statement. “We’ve removed the fake pages, pushed updates through Safe Browsing, and our abuse team is working to prevent this kind of spoofing from happening again.”
The company did not immediately respond to requests for comment on how many people had been affected by the attack and where it may have originated.
Numerous journalists have reported receiving the phishing email, including multiple Guardian reporters. One message to the Guardian came from a maryland.gov account associated with law enforcement and was addressed to “firstname.lastname@example.org”, and blind-copied the reporter. Reporters at BuzzFeed, Hearst, New York Magazine, Vice and Gizmodo Media have also reported receiving the scam.
Believe it or not, this Google Doc scam has even reached our own inbox; the sample picture above shows the exact message we received.
Phishing scams typically involve emails, ads or websites that appear to be real and ask for personal information, such as usernames, passwords, social security numbers, bank account data or birthdays. Google says it does not send out emails asking for this type of data and encourages users not to click on any links and to report suspicious messages.
This is not just a regular phishing scam: it also takes credentials and operates within Google's own framework and systems through a third-party web app.
FYI: if a user has already granted permission through the phishing email, they just need to revoke the app's access from their account settings.
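As an added example (not from the original article and not Google's own tooling), here is a defender-side audit in Python over a constructed list of third-party app grants. It flags the pattern the article describes, an app carrying a Google product name that was given both mail and contacts access, so that the grant can be revoked as the final paragraph advises. The record layout, scope names, client ids, and dates are all assumptions made up for the example and do not correspond to any real Google API or export format.

```python
"""Audit third-party app grants on an account and flag the pattern described in the
article: an app borrowing a Google product name that was granted access to both
mail and contacts. The record layout, scope names and sample grants are all
constructed for this example; none of it is a real Google API or export format."""
from dataclasses import dataclass, field
from datetime import datetime, timezone
from typing import FrozenSet, List, Optional

# Illustrative scope names (an assumption, not real Google scope strings).
MAIL_SCOPES = frozenset({"mail.read", "mail.send"})
CONTACTS_SCOPES = frozenset({"contacts.read"})
# Product names a genuine third-party app has no business using as its own.
PROTECTED_NAMES = ("google docs", "google drive", "gmail")


@dataclass(frozen=True)
class AppGrant:
    app_name: str
    client_id: str
    scopes: FrozenSet[str]
    granted_at: datetime


@dataclass
class Finding:
    client_id: str
    app_name: str
    severity: str            # "revoke" or "review"
    reasons: List[str] = field(default_factory=list)


def impersonates_google(app_name: str) -> bool:
    """True if the display name borrows a protected Google product name.
    Case and runs of whitespace are folded, and non-ASCII characters are dropped
    so a name padded with zero-width or other invisible characters still matches."""
    ascii_only = "".join(ch for ch in app_name.lower() if ch.isascii())
    folded = " ".join(ascii_only.split())
    return any(name in folded for name in PROTECTED_NAMES)


def has_mail_and_contacts(scopes: FrozenSet[str]) -> bool:
    """The self-propagating combination: read/send mail plus read the contact list."""
    return bool(scopes & MAIL_SCOPES) and bool(scopes & CONTACTS_SCOPES)


def audit_grants(grants, since: Optional[datetime] = None) -> List[Finding]:
    """Return one Finding per suspicious grant, optionally restricted to grants
    made at or after `since` (useful when the campaign's start time is known)."""
    findings = []
    for g in grants:
        if since is not None and g.granted_at < since:
            continue
        reasons = []
        impersonating = impersonates_google(g.app_name)
        if impersonating:
            reasons.append("app name impersonates a Google product")
        if has_mail_and_contacts(g.scopes):
            reasons.append("granted mail access together with contacts access")
        if not reasons:
            continue
        severity = "revoke" if impersonating else "review"
        findings.append(Finding(g.client_id, g.app_name, severity, reasons))
    return findings


def clients_to_revoke(grants, since: Optional[datetime] = None) -> List[str]:
    """Client ids whose access should be revoked outright."""
    return [f.client_id for f in audit_grants(grants, since) if f.severity == "revoke"]


# Constructed sample grants. The first mirrors the worm's app: a name copied
# from a Google product plus mail and contacts permissions.
SAMPLE_GRANTS = [
    AppGrant("Google Docs", "client-app-0001",
             frozenset({"mail.read", "mail.send", "contacts.read"}),
             datetime(2024, 1, 10, 14, 5, tzinfo=timezone.utc)),
    AppGrant("Calendar Sync Tool", "client-app-0002",
             frozenset({"calendar.read"}),
             datetime(2023, 11, 2, 9, 0, tzinfo=timezone.utc)),
    AppGrant("Mail Backup Utility", "client-app-0003",
             frozenset({"mail.read", "contacts.read"}),
             datetime(2023, 12, 20, 18, 30, tzinfo=timezone.utc)),
]

if __name__ == "__main__":
    for f in audit_grants(SAMPLE_GRANTS):
        print(f"[{f.severity}] {f.app_name} ({f.client_id}): " + "; ".join(f.reasons))
```

In practice the grant list would be read off the account's connected-apps or security settings page; a "revoke" finding is exactly the case where the user should remove the app there, while a "review" finding (broad mail plus contacts access under an ordinary name) is worth a second look rather than automatic removal.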