Gmail is investigating a new phishing scam that appears to be spreading rapidly.
The email says it has a Google Docs link for you to open. If you click that link, it redirects you to a legitimate Google sign-in page. You’re then prompted to select one of your Google accounts, which is all normal, and then you’re asked to authorize a legit-looking app called “Google Docs” to manage your emails.
The app requests permission to read, send and delete emails, but it isn’t really a Google app. It’s an app controlled by the hackers. once permission ha been granted to manage your email, it secretly sends out a bunch of emails to all your contacts, with the same phishing link.
Once hackers have control of your Gmail account, the possibilities are scary. Personal and business email accounts are commonly used as the recovery email on a number of digital accounts, which means that hackers could potential get control over your Apple, Amazon, Facebook, Twitter or personal Google account. Anything you have linked to a compromised Gmail account is potentially at risk.
The email may look like it’s coming from someone you know, but in order to distinguish if it’s legit or not, you need to check the “To:” field. If it’s part of the phishing scam, the address will show up as “email@example.com”.
There are things you can do to protect yourself:
1.) Delete any email about a shared Google Doc, unless you yourself can verify with the sender that it’s not the phishing email.
2.) If you clicked on the link, you should set up two-factor authentication.
3.) You can also remove permissions for the fake “Google Docs” app from your Google account. Go to myaccount.google.com, Sign-In and Security, and Connected Apps. From there, look at the list of connected apps, and ensure that anything you don’t recognize is deleted.
Gmail responded to the issue on Twitter, saying, “We are investigating a phishing email that appears as Google Docs. We encourage you to not click through, & report as phishing within Gmail.”
We are investigating a phishing email that appears as Google Docs. We encourage you to not click through, & report as phishing within Gmail.
— Gmail (@gmail) May 3, 2017