Worm-Like Phishing Scam Targets Google Docs

A malicious email has been making the rounds as of late, tricking even savvy users into giving hackers full access to their email accounts. Those affected should go through a security checkup set up by Google to ensure good riddance.

The phishing scheme, confirmed and reportedly addressed by the Internet giant, disguises itself as a regular email from someone you know. It includes a Google Docs link that, if clicked, gives hackers full access to your Gmail account. Here’s where it gets nasty. Like a worm, the fake Google Docs app then uses your account to send the same email to all your contacts, expanding the attack.

“We’ve addressed the issue with a phishing email claiming to be Google Docs, Google tweeted soon after learning of the scam. If you think you were affected, visit http://g.co/SecurityCheckup

The company is offering support to everyone who might be affected via its Google Docs Twitter page. Because of the persuasiveness of the email, victims could number in the millions.

If the malicious email has somehow made it into your inbox, look for a subject line that says “[sender] has shared a document on Google Docs with you” and delete it. If you have already accessed the link inside and granted Google Docs access to “read, send and delete emails, as well access to your contacts,” the hackers likely have you on file.

But it’s not too late to sever their ties to your account; you can simply revoke permissions for the fraudulent “Google Docs” app. Go to https://myaccount.google.com/permissions, find the app called “Google Docs,” and revoke all permissions. For the record, Google Docs shouldn’t even ask for such permissions, so finding it in your account’s permissions zone at all should set off your internal alarm bell.

To keep your account safe from similar attacks, consider enabling two-factor authentication (if you haven’t done so already). As a rule, only click on links and attachments you are pretty sure about. Don’t forget to follow through with Google’s suggestion to do a checkup if you think you were affected.

Bitdefender’s security solutions for Windows, Mac and Android detect phishing scams and warn users to steer clear of the contents before it’s too late.

Leave a Reply