Massive Google Docs phishing attack currently sweeping the internet

If you just received an unexpected email in which someone you know is sharing a Google Doc with you, do not open it.

There is currently a rather massive phishing attack making its way through the internet. It’s pretty sophisticated, and very easy to fall for. As laid out in a Reddit post by JakeSteam, it basically works like this:

  1. As seen in the image above, you receive a simple email saying a Google Doc has been shared with you, likely from someone in your contact list.
  2. You click on the button, which links to a real Google account selection screen (or at least it does if you have multiple accounts signed in).
  3. Select the account you want to use, and what appears to be “Google Docs” asks for several permissions to access your account. This is not the real Google Docs; the real one doesn’t need to ask for any permissions. But if you didn’t know this, it looks authentic enough, apart from all the permissions it requires.
  4. It then self-replicates by sending itself to all of your contacts.

Credit: JakeSteam on Reddit

The attack seems to be able to bypass two-factor authentication and login alerts, because it never needs your password: you granted the imposter “Google Docs” full access to your email through an OAuth permission prompt. With that access, the attacker could extract any information stored in your messages. It could also be used to access your passwords for other services by sending password reset emails. Be sure to read the Reddit post for more.

If you’ve been affected, revoke access to the fake “Google Docs” in your account’s list of connected apps. Make sure to send a follow-up email to your contacts if you see spam emails in your sent folder. Also be sure to let whoever sent you the email know that their account has been compromised.
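The remediation above boils down to one check: look through the third-party apps that have been granted access to the account and find any that impersonate a Google product or hold mailbox and contacts permissions, then revoke them. The script below is an added example, not code from the article or from Google; it audits a constructed list of grant records. The record fields (`name`, `publisher`, `scopes`) are assumptions about what an export of connected apps would contain, not a Google API. The two scope URIs are real Google OAuth scope identifiers for full Gmail access and contacts access.

```python
"""Audit a list of third-party OAuth grants for lookalike apps.

Added example, not code from the article. The grant records mimic what an
admin would export from an account's connected-apps page; the field names
(name, publisher, scopes) are assumptions, not a Google API.
"""
from dataclasses import dataclass, field

# Scopes that hand an app the account's mailbox or address book. These two
# URIs are real Google OAuth scope identifiers; the list is illustrative.
HIGH_RISK_SCOPES = {
    "https://mail.google.com/",                  # full Gmail access
    "https://www.googleapis.com/auth/contacts",  # read/write contacts
}

# Product names that only a first-party Google app should carry. A third-party
# app using one of these names is impersonating the real product, exactly
# what the fake "Google Docs" in the article did.
GOOGLE_PRODUCT_NAMES = ("google docs", "google drive", "gmail")


@dataclass
class Grant:
    name: str                      # display name shown on the consent screen
    publisher: str                 # who registered the app (assumed field)
    scopes: list = field(default_factory=list)


def is_lookalike(grant):
    """True when the app name mimics a Google product but Google did not publish it."""
    name = grant.name.strip().lower()
    return any(p in name for p in GOOGLE_PRODUCT_NAMES) and grant.publisher.lower() != "google"


def risky_scopes(grant):
    """Sorted list of the grant's scopes that expose mail or contacts."""
    return sorted(s for s in grant.scopes if s in HIGH_RISK_SCOPES)


def audit_grants(grants):
    """Return (app name, reasons) for each grant that should be reviewed and likely revoked."""
    findings = []
    for g in grants:
        reasons = []
        if is_lookalike(g):
            reasons.append("name impersonates a Google product")
        scopes = risky_scopes(g)
        if scopes:
            reasons.append("holds mailbox/contacts access: " + ", ".join(scopes))
        if reasons:
            findings.append((g.name, reasons))
    return findings


# Constructed sample: one ordinary read-only tool, and one lookalike that mirrors
# the article's fake "Google Docs" (a product name, an unknown publisher, and
# the mail plus contacts permissions the worm needed to spread).
SAMPLE_GRANTS = [
    Grant("Calendar Sync Helper", "Example Corp",
          ["https://www.googleapis.com/auth/calendar.readonly"]),
    Grant("Google Docs", "unknown-developer",
          ["https://mail.google.com/", "https://www.googleapis.com/auth/contacts"]),
]

if __name__ == "__main__":
    for app_name, reasons in audit_grants(SAMPLE_GRANTS):
        print(f"REVIEW: {app_name!r}: " + "; ".join(reasons))
```

Only the second grant is reported: a legitimate first-party Google app never appears as a third-party grant under a Google product name, and a genuine read-only calendar tool holds none of the high-risk scopes. An app that is not a lookalike but still holds full mailbox access is also reported, since that is the permission the attacker abuses regardless of what the app calls itself.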

Currently, it seems the link has been disabled by Google, but not before it appears to have spread to hundreds or thousands of people. We’ve contacted the company for more information on the attack and will update this post when we hear back. As always, don’t open links you weren’t expecting to receive without being absolutely sure they are legitimate.

Update: Google has now blocked this specific phishing attack, but stay on alert should a similar attack hit the internet.