Back in 2014, a convincing Google Phishing scam hit the inboxes of millions of people. This phishing scam was cloaked as shared files on Google Docs, with a link to edit/view the document. Clicking on the document would bring up a very convincing login screen – which was, in fact, not associate with Google at all.
Today, it seems that this phishing scam has resurfaced, and is primarily affecting users who use Google as their mail server. This new scam is circulating the internet at lighting speed right now.
The subject line of these e-mails is, “XXXXX XXXXXX has shared a document on Google Docs with you”, and the body includes a button that says, “Open in Docs”.
How to Recognize the Phishing E-mails?
The e-mail message may look like it is coming from Google but there are a few very easy to recognize warnings that this is a scam.
- First, notice the “To” field: firstname.lastname@example.org – this is the first indication that the message is fake.
- Second, your e-mail address appears in the BCC field.
What Does a Real Shared Google Doc E-mail Look Like?
A legitimate e-mail, from Google Docs, informing you of a shared file should look something like this:
A few key differences in the real e-mail, from the phishing e-mail:
- The subject line is different. Google Docs subject lines currently follow the format: “Document Name – invitation to view/edit”
- Your e-mail address should appear in the “To” field, not the “BCC” field
- The subject of the e-mail contains Google Branding.
Oops, I Clicked! Now What?
First and foremost: if you aren’t expecting to receive an attachment, even a shared document, do not open it. Ever.
But, we all make mistakes. So, you clicked on the link. Now what?
The first thing you should do, which we recommend to everyone who has been affected by a phishing scam or virus, is reset your password on Google and all Goggle-affiliated websites.
Next, you may want to visit your Google Account Permissions (https://myaccount.google.com/permissions), and review the permissions that have been granted to various apps. This scam is masquerading as a “Google Doc” app – which, though it looks official, is not actually managed by Google. If you see this app in your list of Authorized Apps, you will want to remove it immediately.
Next, we generally recommend running a virus scan on your computer after clicking on any questionable link.
Password Security and Regular Malware Scans
We always recommend that you take every effort to keep your account safe, by choosing secure passwords (and changing them on a regular basis!) and running regular virus/malware scans on your computer. If you have other questions about internet security, please post them in the comments below and we are happy to help answer what we can!