Don’t Click That Weird Google Docs Link You Just Got
by CIRT Team
A piece of malware is going around that pretends to be a Google Docs link which is a phishing scheme is racing around the internet right now, which means you should avoid clicking any weird Google Docs that have been emailed to you recently — even if it’s from someone you know. It’s spreading incredibly quickly.
If you click the link, it asks for some access permissions to your Gmail account (which actual Google Docs links would not need), and then spams everyone in your contacts with a link to a Google Docs file. They, in turn, email everyone in their contacts, and so on. All of them seem to include the email address “email@example.com.”
If, by chance, you received this email and clicked on the link, here’s what you need to do:
- Go to your Gmail account’s permissions settings at https://myaccount.google.com/permissions.
- Remove permissions for “Google Docs,” the name of the phishing scam.
- If the sender is someone you know, check with them outside of Gmail before you open anything to ensure they shared a Google Doc with you.
The malware gives itself the ability to spam your contacts, but not a malware that affects your entire computer, which means that as long as you remove any permissions you gave it, you’re safe.
An official statement from Google, saying the attack has been stopped: “We have taken action to protect users against an email impersonating Google Docs, and have disabled offending accounts. We’ve removed the fake pages, pushed updates through Safe Browsing, and our abuse team is working to prevent this kind of spoofing from happening again. We encourage users to report phishing emails in Gmail.”