Google Docs users are targets of email phishing scheme
If you received an email from your Gmail account today that invites you to open up a Google Doc from someone you know, then you might’ve just been targeted for a scam.
This sophisticated email scam is a part of a phishing scheme that’s attacked thousands of people with Gmail accounts.
How the Google Doc scam works
- The attacker sends you an email invitation from someone you know, and the email invites you to edit a Google Doc.
- If you click on the Google Doc link, the scam leads you to a Google sign-in screen, which then asks you if you want to continue to the Google Doc.
- If you hit continue, then you just granted permissions to a third-party web app called “Google Docs” to access your email and address book.
This phishing scheme is different from others because it’s taking advantage of the ability to create a non-Google web app that can have a misleading name like “Google Docs.” Since people aren’t realizing that this isn’t a legitimate Google app, many users have already accepted the permissions and given access to the phishers.