A sophisticated phishing scam disguising itself as a link to a Google Doc is currently making its way through email.
Those targeted by the scam will receive an email for a Google Doc invitation from a person they’ve messaged in the past. However, when the target tries to access the email, it spreads the scam to every person the target has ever messaged.
According to BuzzFeed technology reporter Joe Bernstein, the scam will not infect computers with malware, but it will leave your Google account open to hackers. Those who have fallen for the scam should change their passwords and revoke permission to the Google Docs app. Google users can revoke permission to the Google Docs app by going to myaccout.google.com/permissions and deleting any suspicious looking apps, including Google Docs.
It’s not clear who perpetrated the phishing scam, or the scale of the attack beyond credential hijacking.
New Google Docs phishing scam, almost undetectable from google
@zeynep Just got this as well. Super sophisticated. pic.twitter.com/l6c1ljSFIX
— Zach Latta (@zachlatta) May 3, 2017
@Bernstein@EFF This is not quite correct. You should revoke permission for the "Google Docs" app that you have granted by clicking on the link.
— Eva (@evacide) May 3, 2017
Alex Hider is a writer for the E.W. Scripps National Desk. Follow him on Twitter @alexhider.