Google warns of phishing scam that impersonates Google Docs

On Wednesday afternoon, "Google Docs" was a global trending topic on Twitter, meaning a lot of people were talking about the attacks.

We are investigating a phishing email that appears as Google Docs.

"Our abuse team is working to prevent this kind of spoofing from happening again", the company said in an email to Reuters.

If you clicked on the link and were affected by todays attack, Google says you should visit myaccount.google.com/permissions to revoke the “Google Docs” app. Google Docs doesnt require separate authorization as Gmail gives it by default. And Nipomo High School posted on Facebook to warn parents and community members not to click on emails from the district that contain the wording "has shared a document on Google Docs with you".

Internet users everywhere are being spammed with what appear to be malicious invitations to log on to their Google accounts.

Phishing is a common tactic used to gain access to a user's login credentials. If they agreed, the app would then send additional copies of the original email to the users' contacts.

Users don't have to take additional action, although Google encouraged those who want to be extra safe to run its security check feature.

Users are asked to click on the link, which ultimate gives the hackers behind the attack access to the contents of their Google accounts, including email, contacts and documents.

OAUTH is an authentication standard that allows a user to authorize third party applications access to an account.

While this attack is likely the work of a spammer, nation-state attackers including APT28, aka Fancy Bear or Sofacy, have made use of this tactic. The group has always been targeting political entities, including North Atlantic Treaty Organisation, and uses phishing emails, backdoors and data-stealing malware to conduct espionage campaigns against its targets.

A similar con in 2014 targeted Docs and Drive users.

Clicking the malicious link takes users to a real Google-hosted page that presents them with a list of their accounts.

  • Arturo Norris


IN CASE YOU MISSED IT