There are affiliate links on this page.
Read our disclosure policy to learn more.

Don't Open That Gmail Google Docs Email - What to do if you did click on it!

Don't Open That Gmail Google Docs Email

What to do if you did click on it!

A Google Docs phishing scam targeting as many of the 1 billion Google Gmail users was first seen on Wednesda, May 3, 2017.  It appears to be more sophisticated that past scams and got past Google's filters. Google Docs team issued a statement on Twitter:

 

"We have taken action to protect users against an email impersonating Google Docs and have disabled offending accounts. We've removed the fake pages, pushed updates through Safe Browsing, and our abuse team is working to prevent this kind of spoofing from happening again. We encourage users to report phishing emails in Gmail."

If you click on the link now, Google will redirect you to a page that says: "We're sorry;but your computer or network may be sending automated queries. To protect our users, we can't process your request right now.". Google said it had disable" the malicious accounts and pushed updates to all users. The problem was said to only have  for only about one hour,

What is it and what does it do

You receive an email from someone you know with a  link to a Google Doc file in it. Problem is, it isn't a real Google Docs file.It is a phishing attack. When you click on the link, it takes to you an apps permissions page which authorizes an app to have access to information from your Google account. But this is malware from a scammer, not the real Google Docs,  The scammer's app seeks widespread permissions to your Google account. If you do click on it and allow it, the scammer will access to you Google account, to your Chrome login, your Google Docs, yoiur Google Drive, and anything else you have stored in any of those, like personal information, stored passwords, contacts, etc.

What do you do to avoid it?

Prett obvious: DON'T CLICK on any links or anything in the email.  The email id gives away that this is a phishing scam.

What to do if you clicked on it?

  1. Quickly revoke access for the fake Google Docs app by going your Google account and navigate to connected apps (or click here:  https://myaccount.google.com/security#connectedapps ). Now remove the Google Docs app from this list - this is the fake. The real Google Docs would not appear here.
  2. Then check which other apps have access to your Google account information. If you don't recognize them or remember authorizing them or they are simply apps that you no longer use; remove them.
  3.  Change your passwords - and make them long. You want them to be hard to remember. So, how do you remember them?  Don't!  Just get a password manager like Lastpass!
  4. Report the scam - Report any phishing attacks to Google . Just click the downward arrow at the top right of your inbox and selecting "Report Phishing."