Google Docs Phishing Scam: What We Know

May 04, 2017

On May 3rd, 2017, news outlets and social media sites were reporting a phishing scam surrounding fake “Google Doc” emails. The email body stated “[sender name] has invited you to view the following document:” and provided a link to “Open in Docs.” The link directed the user to a legitimate Google login page. Once the recipient entered their credentials, a permissions box for a fraudulent application would appear. This application requested access to the user’s address book and email. Once the user clicked “Allow,” the attacker was granted full access to the victim’s email account information and address book. The attacker could then send phishing emails to other targets from this compromised account.

Google was attentive to the issue and quickly blocked the sender and site housing the malicious application. Any users who fall for this particular scam now receive a Google 404 error when they click on the link. Additionally, Google is in the process of shutting down the sender's site.

If you received this email prior to the block, clicked on the link and authorized permissions on your Google account, we recommend you perform the following actions:

  • Revoke permissions for untrusted apps. 
    • Permissions can be revoked at the “Connected Apps and Sites” page of Google’s Account Settings. Note: Google should have automatically revoked permissions related to this phishing attack. However, the user should still review all permissions at this time.
  • Reset your account password.

Don’t take any cyber-criminals bait! Follow these best practices to minimize your risk of being poached:

  • DO NOT reply to suspicious messages. Delete the message or report it directly to abuse@missouri.edu.
    • When reporting phishing, please send the original email as an attachment by dragging and dropping it into a new message box. 
  • DO NOT click on links provided in email messages. If you get an email from what appears to be a ‘known’ source (such as your bank or credit card company) open a new browser window and type their web address directly. 
  • DO NOT open unexpected attachments provided in email messages. If the email is from a ‘known’ source yet the text seems impersonal, contact the sender before opening. 
  • If the email claims to be from the University, the website provided should direct you to an official Mizzou webpage. ALWAYS hover your mouse over the link (do not click) to confirm you are being sent to legitimate website.    
  • Never share your password!
  • Visit http://makeitsafe.missouri.edu/phishing for detailed information on this topic!

Source: Naked Security (2017). “Update: Google Doc phishing story takes some bizarre turns.” Retrieved from https://nakedsecurity.sophos.com/2017/05/04/student-claims-google-docs-blast-was-a-test-not-a-phishing-attempt/.