A very convincing Google Docs phishing scheme is racing around the internet right now, which means you should avoid clicking any weird Google Docs that have been emailed to you recently — even if it’s from someone you know. It’s spreading incredibly quickly:
If you click the link, it asks for some access permissions to your Gmail account (which actual Google Docs links would not need), and then spams everyone in your contacts with a link to a Google Docs file. They, in turn, email everyone in their contacts, and so on. All of them seem to include the email address “email@example.com.”
What exactly the phishing accomplishes in unknown, but there’s an excellent explanation of how it works on Reddit:
It’s not the first time Google Docs has been used like this. There were widespread Google Docs email scams in 2014, 2015, 2016 — if you stare hard at those numbers, you can almost see a pattern forming. This one does seem to be more subtle and advanced; it only asks for permissions, not that users enter their password. It’s also widespread — hitting media organizations, technology companies, and entire schools:
If, by chance, you received this email and clicked on the link, here’s what you need to do:
1. Go to your Gmail account’s permissions settings at https://myaccount.google.com/permissions.
2. Remove permissions for “Google Docs,” the name of the phishing scam.
I’ve emailed a few cybersecurity people and Google to ask what’s up, and will update with responses. The Electronic Frontier Foundation has confirmed that it’s a “credential hacking” attack that gives itself the ability to spam your contacts, but not malware that affects your entire computer — which means that as long as you remove any permissions you gave it, you’re safe.
Meanwhile, if you do get a random Google Docs link, here’s what to do:
Stay safe out there.
- Did Melania Trump Just Sub-Fave Her Husband?
- ‘TAke a look, y’all’: One Blogger’s Hunt for IMG_4346.jpeg
- The ‘Lesbian Chinese Billionaires’ Everyone Is Sharing Is Actually K-pop Fanfiction
- These Tweets Will Make You Very Glad That You Didn’t Spend Thousands of Dollars to Get Stranded in the Bahamas
- The Abusive ‘Pranks’ of YouTube Family Vloggers