Do NOT Open Link in Unexpected Email with Google Docs Link Button!

brett shager google docs spam hhhhhhhhhhhhhhhh mailinator.com
Share the knowledge

There is an evil new phishing spam going around that is using Google Docs to do its dirty work. The subject is along the lines of “(Someone) has shared a document on Google Docs with you” – in many of the samples it is ‘Brett Schager has shared a document on Google Docs with you.” Many of the samples are also sent “to” hhhhhhhhhhhhhhhh@mailinator.com (you receive it because you are in the bcc: field).

[Website maintenance provided by Usestrict and we love them!]

 

The most important thing we can tell you is DO NOT CLICK ON THAT BUTTON that says ‘Open in Docs’!

google docs spam hhhhhhhhhhhhhhhh mailinator.com

The thing is, in this case even hovering over the link to see the actual URL won’t save you, because the link really does go to Google Docs. And that’s the diabolical genius of this particular spam. It’s a real Google Docs link. It just happens to go to a malware payload.

link in google docs spam

The Internet Patrol is completely free, and we don't subject you to ads or annoying video pop-ups. But it does cost us out of our pocket to keep the site going (going on 20 years now!) So your tips via CashApp, Venmo, or Paypal are VERY appreciated! Receipts will come from ISIPP.

CashApp us Square Cash app link

Venmo us Venmo link

Paypal us Paypal link

The way that the bad guys did this, explains The Verge, is “this grants permissions to a (malicious) third-party web app that’s simply been named “Google Docs,” which gives phishers access to your email and address book.”

In a statement issued on Twitter, the Google Doc team said:

“We have taken action to protect users against an email impersonating Google Docs and have disabled offending accounts. We’ve removed the fake pages, pushed updates through Safe Browsing, and our abuse team is working to prevent this kind of spoofing from happening again. We encourage users to report phishing emails in Gmail.”

This was several hours after the email hit people’s inboxes (and just 1 hour and 45 minutes before the writing of this article), so the odds are good that quite a few people were taken in by the phish.

So, if you did in fact click on that button, or otherwise think you may have been infected, Google says that you can go here in your Google account to secure your account.

The Internet Patrol is completely free, and we don't subject you to ads or annoying video pop-ups. But it does cost us out of our pocket to keep the site going (going on 20 years now!) So your tips via CashApp, Venmo, or Paypal are appreciated!
Receipts will come from ISIPP.

CashApp us Square Cash app link

Venmo us Venmo link

Paypal us Paypal link

Get New Internet Patrol Articles by Email!


Share the knowledge

Leave a Reply

Your email address will not be published. Required fields are marked *

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.