Do NOT Open Link in Unexpected Email with Google Docs Link Button!

There is an evil new phishing spam going around that is using Google Docs to do its dirty work. The subject is along the lines of “(Someone) has shared a document on Google Docs with you” – in many of the samples it is ‘Brett Schager has shared a document on Google Docs with you.” Many of the samples are also sent “to” hhhhhhhhhhhhhhhh@mailinator.com (you receive it because you are in the bcc: field).

The most important thing we can tell you is DO NOT CLICK ON THAT BUTTON that says ‘Open in Docs’!

The thing is, in this case even hovering over the link to see the actual URL won’t save you, because the link really does go to Google Docs. And that’s the diabolical genius of this particular spam. It’s a real Google Docs link. It just happens to go to a malware payload.

The way that the bad guys did this, explains The Verge, is “this grants permissions to a (malicious) third-party web app that’s simply been named “Google Docs,” which gives phishers access to your email and address book.”

In a statement issued on Twitter, the Google Doc team said:

“We have taken action to protect users against an email impersonating Google Docs and have disabled offending accounts. We’ve removed the fake pages, pushed updates through Safe Browsing, and our abuse team is working to prevent this kind of spoofing from happening again. We encourage users to report phishing emails in Gmail.”

This was several hours after the email hit people’s inboxes (and just 1 hour and 45 minutes before the writing of this article), so the odds are good that quite a few people were taken in by the phish.

So, if you did in fact click on that button, or otherwise think you may have been infected, Google says that you can go here in your Google account to secure your account.

Summary

Article Name

Do NOT Open Link in Unexpected Email with Google Docs Link Button!

Description

There is an evil new phishing spam going around that is using Google Docs to do its dirty work. The subject is along the lines of "(Someone) has shared a document on Google Docs with you" - in many of the samples it is 'Brett Schager has shared a document on Google Docs with you." Many of the samples are also sent "to" hhhhhhhhhhhhhhhh@mailinator.com (you receive it because you are in the bcc: field).

Author

Anne P. Mitchell

Get notified of new Internet Patrol articles!

Recent Comments

JudeAnne Gossin on How to Get Rid of Unwanted Cookies from Internet ExplorerPlease get into my facebook and youtube. Those are the only websites i want I do not know what website came on. I am not familiar with a website that come on while i was surfing, but now i cannot get int facebook or youtube.
sad on Facebook Allowing Profiles that are Overt Sex Ads – “Not Against Community Standards” says FacebookI hope Facebook crumbles and is destroyed altogether. This Community bs reminds me of communism. People should not rat each other out. Invest how much is needed, but work your own damn job.
PM Laberge on An Example of an Internet Extortion EmailSomeday, someone will have to get even with one of these scammers....
Monkorua on How the Heck did Square Get My Email Address?Square is an evil company, plain and simple. This thread is full of examples that people do not want the “convenience” of having their email addresses (and in many cases someone else’s email address) associated with their credit card numbers and purchases. F Square in the A!
E Weitz on How to Get Rid of the ‘Flagged’ Folder in Mac MailDid what I wanted, removed "Flagged Folder" from mail. Thanks!
Lori on How to Cancel a Bumble Boost (Premium) AccountThere is no boost subscriptions under settings and immuaimg an android and paid by card. Any other suggestions?
Gary on Newest Amazon Order Scam SpamThank_Y0u! Y0ur Payment of $645.60 was Successful. Confirmati0n-#402-8526980-0267429 (unsubscribe at PO Box 971, Reno, NV) I just got this one in email looking like an Amazon automatic payment. I thought, WHAT THE HELL DID THE WIFE BUY NOW? Remembering that there are a lot of scams going on, I checked...
Compliance Officer on What to Do if Your Amazon Order Never Arrives but They Say it Was DeliveredExcellent documentation of what Amazon WANTS us to do- but I agree with others- we are paying for PRIME, for 2-day delivery. Have you also noticed the increasing number of PRIME items that when you get to check out, ordering Monday morning, delivery is scheduled for 3, 4 even 5...
Fredstrated on FBI Warns of “Vishing” Attacks – Scammers Using VoIP to Call You and Get Your Private InformationI've been dealing with this crap for years. Been scammed, I've had phone #'s call me that are almost identical to my cell #, Had email from every crook around, had johnson $ johnson run a commercial using my business 877 # 100 calls a day when that happened, I...
Reysd on Are You Showing a Mystery Charge from 402-935-7733 via Paypal in Your Bank or Credit Card Account? Here’s WhyI posted in here before but it seems like people are getting different results. For me, I had purchased an online textbook for my school and the charge in my bank account showed up this way. It had been about a week before it showed up and never mentioned anything...

Do NOT Open Link in Unexpected Email with Google Docs Link Button!

You might also like some of our other articles:

Leave a Reply Cancel reply