Unidentified hackers have created a convincingly authentic looking email phishing scheme that is spreading like wild fire across the Internet today. Victims receive an email that looks like a legitimate invitation from a friend or coworker to open a shared Google Doc. Once you click the link, you are redirected to a page that mimics your Google login page. Once you choose your user identity and submit your password, your account has been compromised.
The Internet was a flurry of activity as thousands of people began receiving and reporting about the Google Doc phishing emails. Major media outlets were amongst those that were hit.
Security professionals are urging anyone who receives suspicious Google Doc invites to confirm with the sender that it is indeed an authentic invite. Alternatively, if authenticity cannot be proven, delete the email.
Did You Fall For The Google Doc Phishing Scheme?
If you have fallen prey to the Google Doc phishing scheme, there are some steps you can take in order to attempt to regain control of your accounts.
- Visit your Google Security Checkup Page
- Initiate a check on your account, especially the “Accounts Permissions” section.
- Look for “Google Docs” under Accounts Permissions- if you see “Google Docs” that is the culprit- remove permissions immediately. Really Google Docs does not require permissions as it is built in to your account.
- Change your password.
The best advice we’ve seen floating around the web this afternoon is to consider NOT opening any Google Doc invites for the rest of the week, just to be on the safe side.
Cybercrime is a real problem. Make sure you, and your online assets, are secure!