PSA: Beware Of The Google Docs Phishing Scam

Earlier this afternoon a Google Docs phishing scam spread like wildfire across the internet, reports piled in on Twitter and Reddit of the phishing scam and it’s details.

The phishing scam starts with an email sent to your G-Mail account inviting you to edit a document on Google Docs and will most likely look like it is coming from someone you know or have emailed with before. Your first reaction would probably be to click right through and take a look at the document so you can see what your friend or co-worker needs help with. However once you start down that process you’ll see it’s not your typical Google Doc.

Photo courtesy of TheVerge.com

While normally the link would take you right to the google doc you’re trying to access, the phishing scam takes you to a different screen where the actual phishing application which is masked as “Google Docs” requests access to your accounts. If you click allow here then they got you. The legitimate Google Docs would not need to request access to your Google account as it’s an official Google application that already has access to your account. You can see in the image below that the “Google Docs” application is clearly not legitimate when you hover over it as the developer information is associated with a random gmail address.

Photo courtesy of TheVerge.com

Google has reportedly put a fix in place very quickly for this and is now auto flagging emails that come in through this attack. Cloudflare has also reported they have taken the domains offline the hackers were using. If you see this email come in make sure to not click on it and report it to Google for phishing.

I already clicked the link; what now?

If you clicked all the way through the phishing attack and gave the application access to your Google account, you can remove the applications access to your account by going to the link here: https://security.google.com/settings/security/permissions and removing permission from the application called “Google Docs”. This will remove their access to your account.

Photo courtesy of TheVerge.com

Remember to stay vigilant against against phishing attacks of all shapes and sizes. PC Matic customers can also take advantage of the free KnowBe4 security awareness training that comes with each PC Matic purchase. If you need help accessing this please contact our support team at pcmatic.com/help and they will help you get access to the online course.

 

h/t TheVerge.com

 

 

Want to get monthly tips & tricks?

Subscribe to our newsletter to get cybersecurity tips & tricks and stay up to date with the constantly evolving world of cybersecurity.

Related Articles