Your IP: Unknown · Your Status: Protected
Unprotected
Unknown

NordVPN

Online security and privacy

NordPass

Password management

NordPass Business

Business password solutions

NordLocker

Encryption with cloud storage

Blog News

What is the Google Docs phishing scam?

In 2017, Google announced it had stopped an unusually sophisticated phishing email that had reached about a million users. In 2020, a Google Docs phishing scam reappeared, which weaponizes push notifications to drive its victims to malware riddled websites.

Zen Bahar

Zen Bahar

May 04, 2021 · 3 min read

facebook Facebook
twitter Twitter
Copy link Copy link
What is the Google Docs phishing scam?

What Happened?

A flaw within Google Drive was exploited to send out seemingly legitimate push notifications and emails from Google, If a Gmail user clicked on the “Open in Docs” button in the email, they were taken to a real Google-hosted page and asked to permit a seemingly legitimate service, called “Google Docs”, to access their email account data.

Giving the permission allowed scammers to access the email account, contacts and online documents. The malware then emailed everyone in the victim's contacts list in order to spread itself.

Potential Consequences

The phishing scam itself is nothing new – which is to get you to click on a link within a message. The scariest part about this Google Docs scam is that the emails and notifications it generates come directly from Google. On mobile, the scam uses the collaboration feature in Google Drive to generate a notification inviting people to collaborate on a document. Google blocks millions of spam mail each day, but this message really catches people off-guard since the notification or email comes from Google itself.

To learn how to secure Google Drive read our guide here. Or if you’d like to use a similar alternative to Google Docs, we have a great list of secure Google Docs alternatives here.

How can I tell if an email from Google is legitimate?

Strange language, nonsense names and newly registered websites are a dead giveaway. People targeted by the Google Docs email scam receive Google Drive emails and notifications in Russian or broken English, asking them to collaborate with people with nonsense names. If you click on the link within these messages you’ll be taken to a scam website which is usually registered only a few days before, and full of click bait about prize draws and giveaways.

You can report scam emails, and Google documents to the Google abuse team. To report abuse to Google about a document simply click ‘Report abuse/copyright’ from the ‘Help’ menu. To report a spam email to Google, click ‘More’ next to ‘Reply’ and then click ‘Report phishing’.

Is the Google Docs Phishing Email Still Active?

Google has removed documents which were used in the Google Docs email scam, after they were reported by victims. We assume that the security flaw which allowed scammers to generate notifications from Google, has been fixed – but it's best to stay vigilant. Online scams have quadrupled since the pandemic and with most of us working from home scammers are finding incredibly clever ways to hide their tracks within phishing emails.

What Can You Do to Protect Yourself?

A closer look at the emails shared online offer some clues to help you distinguish phishing emails from legitimate emails.

Identify Google Docs phishing email
  • The email appears to come from a genuine person in your contacts, and the subject line reads something along the lines of “[Your Friend] has shared a document on Google Docs with you.”
  • Included on the string of recipients is an email address that begins in “hhhhhhhhhhhhhh” and ends in “mailinator.com.” Mailinator is a website that lets visitors obtain a temporary and disposable email address.
  • In some cases, the suspicious Mailinator account appears in the email’s BCC field.

If you get an email that fits the description above, delete it immediately. If you’re concerned that your account might have been compromised, you can go to Google’s account management page, select “Sign-In and Security”, and then “Connected Apps.” Look for “Manage Apps” and revoke access to untrusted apps.

Rule #1: To protect yourself from phishing attacks, never click on any email links and do not open any attachments unless you are positive that the email comes from a legitimate source. The best way to verify the source is pay close attention to the sender’s address.

For added protection always use two factor authentication (2FA) on your accounts. When enabled, you’ll need to answer a secret question, or use a fingerprint, as well as your password to get into your accounts. This is a great way of securing yourself if your passwords ever get stolen. One of the best ways to secure your data online is by using a VPN. With a single NordVPN account you can protect up to 6 devices from accessing potential phishing sites, and hide your online activity from trackers.

Online security starts with a click.

Stay safe with the world’s leading VPN

Get NordVPN
Learn more
facebook Facebook
twitter Twitter
Copy link Copy link
Zen Bahar
Zen Bahar success Verified author
Zen likes to use her cybersecurity knowledge to help protect the privacy and freedom of others, otherwise, you can find her playing with paints in her studio in London.
Next article
Next read What is Usenet? And how does it work in 2021? Anna Rasmussen · Jul 23, 2021

Trending articles

Trending article
News · 3 min read Can Google Chrome’s FLoC replace browser cookies? Malcolm Higgins · Apr 21, 2021
Trending article
News · 3 min read How Google may have shut down a counterterrorism operation Carlos Martinez · Apr 01, 2021
Trending article
News · 3 min read Can you trust Uber with your data? Paul Black · Jul 30, 2021
Trending article
How-To · 4 min read What is Usenet? And how does it work in 2021? Anna Rasmussen · Jul 23, 2021