On Wednesday (May 3), Google announced it had stopped an unusually sophisticated phishing email that had reached about a million of its customers. However, you should still avoid clicking on any unusual Google Docs that you have received recently — even if it’s from someone you know.
What Happened?
Several people across a range of industries reported having received emails with what looked like a link to a Google Doc, appearing to come from someone they know. If a Gmail user clicked on the “Open in Docs” button in the email, they were taken to a real Google-hosted page and asked to permit a seemingly legitimate service, called “Google Docs”, to access their email account data.
Giving the permission allowed scammers to access the email account, contacts and online documents. The malware then emailed everyone in the victim’s contacts list in order to spread itself.
The scam first hit a number of news organizations. However, because it targeted everyone in the victim’s address book, it didn’t take long before more reports from people outside of the media world began to flood in. Judging from people commenting on Twitter, this appeared to be happening all over the place.
Potential Consequences
Google says it “disabled” the malicious accounts and pushed updates to all users within an hour. It could have been a potential calamity for unsuspecting victims, though. With control of your Gmail account, scammers can harvest any personal data you’ve ever sent or received in an email.
This technique, known as phishing, is often a way for bad actors to gain unauthorized access to a person’s email or other private accounts. In 2014, a similar scam targeted Google Docs and Drive users. However, it’s not yet clear what motivated this particular attack.
What Can You Do to Protect Yourself?
A closer look at the emails shared on the Internet offers a few clues that make the threat easily distinguishable from legitimate emails.
- The email appears to come from a genuine person in your contacts, and the subject line reads something along the lines of “[Your Friend] has shared a document on Google Docs with you.”
- Included on the string of recipients is an email address that begins in “hhhhhhhhhhhhhh” and ends in “mailinator.com.” Mailinator is a website that lets visitors obtain a temporary and disposable email address.
- In some cases, the suspicious Mailinator account appears in the email’s BCC field.
If you get an email that fits the description above, delete it immediately. If you’re concerned that your account might have been compromised, you can go to Google’s account management page, select “Sign-In and Security”, and then “Connected Apps.” Look for “Manage Apps” and revoke access to untrusted apps.
Rule No. 1 for protecting yourself from phishing: Do not click on any email links and do not open any attachments unless you are positive that the email comes from a legitimate source. The best way to verify the source is pay close attention to the sender’s address.
Related: Beware of This PayPal Phishing Scam
Related: The 3 Most Common Types of Digital Cons
Here at NordVPN, we are serious about user privacy and protection online, which is why we have created our unparalleled VPN service. However, the last best line of defense is you – the more you educate yourself on how to keep yourself safe online, the less risky will be your position in cases like this.
So, as always, remain vigilant.
Have you received the Google Docs email? Or have come across any other sophisticated scams lately? Let us know in the comments below.
Verified author
Christina is a community manager and the heart, the voice and the soul of NordVPN. She is always up for a conversation with our community of users and blog readers.
