U.S. Markets close in 3 hrs 6 mins

Hey: Don’t Click That Weird Google Docs Link You Just Got (and Tell Your Mom Not to Click, Either)

Jake Swearingen

A very convincing Google Docs phishing scheme is racing around the internet right now, which means you should avoid clicking any weird Google Docs that have been emailed to you recently — even if it’s from someone you know. It’s spreading incredibly quickly:

If you click the link, it asks for some access permissions to your Gmail account (which actual Google Docs links would not need), and then spams everyone in your contacts with a link to a Google Docs file. They, in turn, email everyone in their contacts, and so on. All of them seem to include the email address “hhhhhhhhhhhhhhhh@mailinator.com.”

What exactly the phishing accomplishes in unknown, but there’s an excellent explanation of how it works on Reddit:

It’s not the first time Google Docs has been used like this. There were widespread Google Docs email scams in 2014, 2015, 2016 — if you stare hard at those numbers, you can almost see a pattern forming. This one does seem to be more subtle and advanced; it only asks for permissions, not that users enter their password. It’s also widespread — hitting media organizations, technology companies, and entire schools:

If, by chance, you received this email and clicked on the link, here’s what you need to do:

1. Go to your Gmail account’s permissions settings at https://myaccount.google.com/permissions.

2. Remove permissions for “Google Docs,” the name of the phishing scam.

I’ve emailed a few cybersecurity people and Google to ask what’s up, and will update with responses. The Electronic Frontier Foundation has confirmed that it’s a “credential hacking” attack that gives itself the ability to spam your contacts, but not malware that affects your entire computer — which means that as long as you remove any permissions you gave it, you’re safe.

Meanwhile, if you do get a random Google Docs link, here’s what to do:

Stay safe out there.

Related Articles