There is an evil new phishing spam going around that is using Google Docs to do its dirty work. The subject is along the lines of “(Someone) has shared a document on Google Docs with you” – in many of the samples it is ‘Brett Schager has shared a document on Google Docs with you.” Many of the samples are also sent “to” hhhhhhhhhhhhhhhh@mailinator.com (you receive it because you are in the bcc: field).
The most important thing we can tell you is DO NOT CLICK ON THAT BUTTON that says ‘Open in Docs’!
The thing is, in this case even hovering over the link to see the actual URL won’t save you, because the link really does go to Google Docs. And that’s the diabolical genius of this particular spam. It’s a real Google Docs link. It just happens to go to a malware payload.
The way that the bad guys did this, explains The Verge, is “this grants permissions to a (malicious) third-party web app that’s simply been named “Google Docs,” which gives phishers access to your email and address book.”
| No Paywall Here! The Internet Patrol is and always has been free. We don't hide our articles behind a paywall, or restrict the number of articles you can read in a month if you don't give us money. That said, it does cost us money to run the site, so if something you read here was helpful or useful, won't you consider donating something to help keep the Internet Patrol free? |
| Get notified of new Internet Patrol articles for free! |
In a statement issued on Twitter, the Google Doc team said:
“We have taken action to protect users against an email impersonating Google Docs and have disabled offending accounts. We’ve removed the fake pages, pushed updates through Safe Browsing, and our abuse team is working to prevent this kind of spoofing from happening again. We encourage users to report phishing emails in Gmail.”
This was several hours after the email hit people’s inboxes (and just 1 hour and 45 minutes before the writing of this article), so the odds are good that quite a few people were taken in by the phish.
So, if you did in fact click on that button, or otherwise think you may have been infected, Google says that you can go here in your Google account to secure your account.
| No Paywall Here! The Internet Patrol is and always has been free. We don't hide our articles behind a paywall, or restrict the number of articles you can read in a month if you don't give us money. That said, it does cost us money to run the site, so if something you read here was helpful or useful, won't you consider donating something to help keep the Internet Patrol free? |
Related articles:
Bogus AT&T Text Message from 1410100009 is Effort to Steal Your Personal Information- If You Get the “Complete Required Actions” Email from GoDaddy Do NOT Open It!
- How to Report Spam Coming from Gmail to Gmail and Google
- Do NOT Open the American Express Refund Authorization Email!
- About the Amazon Gift Card in Your Mailbox Scam
- DatabaseUSA Wins Case against Spamhaus in Matter of DatabaseUSA v. Spamhaus in Federal Court - 8/3/2020
- How to Make Your Mac Back Up to a Specific Drive When Time Machine is Using More than One Drive, Plus Explanation of Consistency Scan - 7/29/2020
- Instacart Denies Data Breach, Blames Customers, as More Than 250,000 Instacart Customer’s PII is for Sale on the Dark Web - 7/28/2020
