Spam campaign targets Google users with malicious link

The email says it has a Google Docs link for you to open.

The link takes internet users to what appears to be a real Google page that asks for permissions across Google accounts. You should revoke permission for the "Google Docs" app that you have granted by clicking on the link.

Google did address the issue on Twitter saying, "We are investigating a phishing email that appears as Google Docs. We encourage users to report phishing emails in Gmail", it said.

Because the attack gains access to a user's account through official means-though by misrepresenting itself-it can bypass typical security measure likes two-factor authorization and login alters.

You can report it as phishing within Gmail. First, go to your Google permissions page.

A small number of teachers and staff members in Fayetteville School District are among those who have received spam email associated with the Google phishing scheme, Fayetteville spokesman Alan Wilbourn said.

Hackers created a malicious app and named it "Google Docs", which looked trustworthy. But in a statement late Wednesday, Google said that while the campaign accessed and used contact information, no other data was apparently exposed.

If you haven't clicked the link in the e-mail, closed the tab before hitting the "Allow" button, or pressed the deny button instead, then you are okay.

Locate the "Google Docs" app. Take a look at any of those apps and delete any that may be suspect or any you don't recognize.

It is not clear who sent out the malicious emails or how many users have been affected by the attack.

  • Carolyn Briggs