There’s a big Google Docs phishing scam making the rounds right now, and it’s particularly effective, as evidenced by how many people’s accounts have already been used to send it on to their contacts. The best thing to do, of course, is not click on it, but this is a particularly tricky one that may have fooled even savvy web users, so here’s what to do if you’re one of them.
The scam email arrives looking like a Google Docs share notification, possibly from someone you know who has already fallen victim. The “to” line is the best giveaway that it’s a fake: instead of your address, it shows a string of repeated letters like “hhhhhhhhhhhhhhhh.” Otherwise, the email is empty. A real share notification is addressed to you and says something about the document, so don’t accept any Google doc without knowing who it’s coming from and why.
If you already clicked it, first you’ll probably want to tell as many people as you can not to open the doc in the email your account was made to send out, though it seems Google has already started alerting people to the scam. The goal here was not your password but access to your Gmail: the link asked you to grant permissions to a third-party app that named itself “Google Docs.” So the next thing you’re going to want to do is go to your Google account settings, find the connected apps, and remove the malicious app (which should be listed as “Google Docs”) from your permissions. Here’s how it requested permissions to “read, send, delete, and manage your email”:
[Embedded tweet: Zach Latta (@zachlatta), May 3, 2017]
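The two giveaways the article describes, the filler “to” address on the email and the scope of the permission request, can both be checked mechanically. The script below is an added example, not code from The Mary Sue or from Google: it parses a constructed sample of the phishing email and a constructed OAuth consent URL (Google’s real authorization endpoint, but with a placeholder client_id and redirect_uri) and flags a “Google Docs” share that arrives with an empty body and a repeated-letter recipient, or a consent request that asks for full mailbox access, which is what “read, send, delete, and manage your email” corresponds to. A document share has no business asking for that scope, and the scope parameter is the thing to read on the consent screen before clicking Allow.

```python
"""Checks against the indicators described in the article above.

Added example, not code from The Mary Sue or from Google. The sample
messages and the OAuth consent URL are constructed for illustration; the
client_id and redirect_uri in the URL are placeholders.
"""
import email
from email import policy
from email.utils import parseaddr
from urllib.parse import parse_qs, urlparse

# Gmail's full-access OAuth scope. Google's consent screen describes it as
# "Read, send, delete, and manage your email", the wording the article quotes.
FULL_MAIL_SCOPE = "https://mail.google.com/"

# Constructed sample resembling the phishing email the article describes:
# a Google Docs share lure, an empty body, and a "To" line that is a run of
# the same letter instead of the recipient. Domains are placeholders.
SAMPLE_PHISH = """\
From: Someone You Know <friend@example.com>
To: hhhhhhhhhhhhhhhh@example.invalid
Subject: Someone You Know has shared a document on Google Docs with you
Content-Type: text/plain; charset="utf-8"

"""

# Constructed benign share notification for comparison.
SAMPLE_BENIGN = """\
From: Someone You Know <friend@example.com>
To: you@example.com
Subject: Someone You Know has shared a document on Google Docs with you
Content-Type: text/plain; charset="utf-8"

Here is the draft agenda for Thursday, comments welcome.
"""

# Constructed consent URL of the kind the "Allow" button submits. Only the
# scope parameter matters here; client_id and redirect_uri are placeholders.
SAMPLE_CONSENT_URL = (
    "https://accounts.google.com/o/oauth2/v2/auth"
    "?client_id=PLACEHOLDER_CLIENT_ID"
    "&redirect_uri=https%3A%2F%2Fexample.invalid%2Fcallback"
    "&response_type=code"
    "&scope=https%3A%2F%2Fmail.google.com%2F"
    "+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fcontacts.readonly"
)

TO_IS_FILLER = "To address is a run of one repeated character"
EMPTY_DOCS_LURE = "Google Docs share notification with an empty body"


def _body_text(msg):
    """Return the decoded text of all text/* parts of the message, stripped."""
    parts = msg.walk() if msg.is_multipart() else [msg]
    chunks = []
    for part in parts:
        if part.get_content_type().startswith("text/"):
            payload = part.get_payload(decode=True) or b""
            chunks.append(payload.decode("utf-8", errors="replace"))
    return "".join(chunks).strip()


def email_indicators(raw):
    """Return the article's indicators that the raw RFC 822 message matches."""
    msg = email.message_from_string(raw, policy=policy.default)
    found = []
    _, addr = parseaddr(msg.get("To", ""))
    local = addr.split("@")[0]
    # A recipient like "hhhhhhhhhhhhhhhh" is filler, not a person.
    if len(local) >= 8 and len(set(local)) == 1:
        found.append(TO_IS_FILLER)
    subject = msg.get("Subject", "")
    if "google docs" in subject.lower() and not _body_text(msg):
        found.append(EMPTY_DOCS_LURE)
    return found


def consent_request_scopes(url):
    """Return the list of OAuth scopes an authorization URL asks for."""
    query = parse_qs(urlparse(url).query)
    return query.get("scope", [""])[0].split()


def requests_full_mailbox_access(url):
    """True if granting this consent request hands over full Gmail access."""
    return FULL_MAIL_SCOPE in consent_request_scopes(url)


if __name__ == "__main__":
    print("phish:", email_indicators(SAMPLE_PHISH))
    print("benign:", email_indicators(SAMPLE_BENIGN))
    print("scopes:", consent_request_scopes(SAMPLE_CONSENT_URL))
    print("full mailbox access:", requests_full_mailbox_access(SAMPLE_CONSENT_URL))
```

The email check is deliberately narrow to the two signs the article gives; the scope check is the more general lesson, since any consent screen that lists full mailbox access for something that only needs to show you a document deserves a Deny.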
If you were affected, I’d also recommend taking the extra step of changing your password and then signing out every other session of your account apart from the one you’re using, just for safety, even though it appears this attack didn’t actually take any login information.
To do that, scroll down and look in the bottom right corner of your inbox, where there should be a link that says “details” underneath the note about your last account activity. Clicking it opens a separate window with a button that signs out every other session of your Gmail account, leaving you as the sole user with your brand new login credentials. It would also be as good a time as any to enable two-factor authentication on your account, though it appears that wouldn’t have stopped this: the app was granted access through your already signed-in session, not by stealing your password, so a second factor never came into play. Finally, change the password and tighten security on any other account that could be reached through information in your emails, such as accounts whose password resets are sent to your Gmail.
It’s also possible you might need to take additional steps, on a user-by-user basis, depending on what information, if any, the malicious app took from your emails. If any additional information becomes available on what data may be at risk and what to do about it, we’ll keep you updated.
[UPDATE: It seems no further steps are necessary, as Google told Engadget, “We protected users from this attack through a combination of automatic and manual actions, including removing the fake pages and applications, and pushing updates through Safe Browsing, Gmail, and other anti-abuse systems. We were able to stop the campaign within approximately one hour. While contact information was accessed and used by the campaign, our investigations show that no other data was exposed. There’s no further action users need to take regarding this event; users who want to review third party apps connected to their account can visit Google Security Checkup.”]
Stay safe out there.