In 2017, Google announced it had stopped an unusually sophisticated phishing email that had reached about a million users. In 2020, a Google Docs phishing scam reappeared, this time weaponizing push notifications to drive its victims to malware-riddled websites.
May 04, 2021 · 3 min read
A flaw within Google Drive was exploited to send out seemingly legitimate push notifications and emails from Google. If a Gmail user clicked the “Open in Docs” button in the email, they were taken to a real Google-hosted page and asked to grant a seemingly legitimate service called “Google Docs” access to their email account data.
Granting that permission gave the scammers access to the email account, contacts and online documents. The malware then emailed everyone in the victim's contact list in order to spread itself.
The phishing scam itself is nothing new: the goal is to get you to click on a link within a message. The scariest part about this Google Docs scam is that the emails and notifications it generates come directly from Google. On mobile, the scam uses the collaboration feature in Google Drive to generate a notification inviting people to collaborate on a document. Google blocks millions of spam emails each day, but this message really catches people off guard because the notification or email comes from Google itself.
Strange language, nonsense names and newly registered websites are a dead giveaway. People targeted by the Google Docs email scam receive Google Drive emails and notifications in Russian or broken English, asking them to collaborate with people with nonsense names. If you click on the link within these messages you’ll be taken to a scam website, usually registered only a few days before, and full of clickbait about prize draws and giveaways.
You can report scam emails and Google documents to the Google abuse team. To report abuse to Google about a document, simply click ‘Report abuse/copyright’ from the ‘Help’ menu. To report a spam email to Google, click ‘More’ next to ‘Reply’ and then click ‘Report phishing’.
Google has removed documents which were used in the Google Docs email scam after they were reported by victims. We assume that the security flaw which allowed scammers to generate notifications from Google has been fixed, but it's best to stay vigilant. Online scams have quadrupled since the pandemic, and with most of us working from home, scammers are finding incredibly clever ways to hide their tracks within phishing emails.
A closer look at the emails shared online offers some clues to help you distinguish phishing emails from legitimate ones.
If you get an email that fits the description above, delete it immediately. If you’re concerned that your account might have been compromised, you can go to Google’s account management page, select “Sign-In and Security”, and then “Connected Apps.” Look for “Manage Apps” and revoke access to untrusted apps.
Rule #1: To protect yourself from phishing attacks, never click on email links and do not open attachments unless you are positive that the email comes from a legitimate source. The best way to verify the source is to pay close attention to the sender’s address.
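As an added illustration (not code from the original post or from Google), here is a small Python checker that scores a raw email against the clues listed above: a sender outside google.com, a nonsense collaborator name, Cyrillic text, and links to domains outside Google that were registered only days earlier. The sample emails, the registration dates standing in for a WHOIS lookup, the google.com allowlist and the 14-day threshold are all constructed assumptions.

```python
import re
from datetime import date
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

TRUSTED_DOMAIN = "google.com"   # assumption: genuine share notices come from and link here
NEW_DOMAIN_DAYS = 14            # assumption: a site registered this recently is a red flag
TODAY = date(2021, 5, 4)        # the post's date, used as "now" for the constructed samples
CYRILLIC = re.compile(r"[\u0400-\u04FF]")
URL = re.compile(r"https?://[^\s\"'<>]+")

def registrable_domain(host):
    """Collapse 'docs.google.com' to 'google.com' (naive last-two-labels rule)."""
    return ".".join(host.lower().split(".")[-2:])

def looks_like_nonsense(name):
    """Flag collaborator names containing digits or a word of 4+ letters with no vowel."""
    if re.search(r"\d", name):
        return True
    return any(len(w) >= 4 and not re.search(r"[aeiouy]", w, re.I) for w in name.split())

def phishing_indicators(raw_email, registered_on, today):
    """Return the clues found in one email; an empty list means none of them fired."""
    msg = message_from_string(raw_email)
    name, addr = parseaddr(msg.get("From", ""))
    text = msg.get("Subject", "") + "\n" + (msg.get_payload() if not msg.is_multipart() else "")
    clues = []
    if registrable_domain(addr.rpartition("@")[2]) != TRUSTED_DOMAIN:
        clues.append("sender is not a Google address")
    if looks_like_nonsense(name):
        clues.append("nonsense collaborator name")
    if CYRILLIC.search(text):
        clues.append("Cyrillic text in an English-language invitation")
    for url in URL.findall(text):
        dom = registrable_domain(urlparse(url).hostname or "")
        if dom != TRUSTED_DOMAIN:
            clues.append(f"link leads off Google to {dom}")
            age = (today - registered_on[dom]).days if dom in registered_on else None
            if age is not None and age < NEW_DOMAIN_DAYS:
                clues.append(f"{dom} was registered {age} days ago")
    return clues

# Constructed samples: a scam invitation and a genuine-looking one, both "from Google".
SCAM_EMAIL = "From: Xkqzv Pvtr <drive-shares-noreply@google.com>\n\nXkqzv Pvtr приглашает вас. Open here: https://prize-draw-winner.example/open\n"
LEGIT_EMAIL = "From: Alice Smith <drive-shares-noreply@google.com>\n\nAlice shared a document. Open in Docs: https://docs.google.com/document/d/abc123\n"
# Constructed stand-in for a WHOIS lookup, keyed by registrable domain.
REGISTERED_ON = {"prize-draw-winner.example": date(2021, 5, 1)}
```

Calling phishing_indicators(SCAM_EMAIL, REGISTERED_ON, TODAY) returns four clues, while the legitimate sample returns none even though both senders are google.com addresses. The sender check alone would pass the scam, which is exactly why the language, name and link-destination clues matter.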
For added protection, always use two-factor authentication (2FA) on your accounts. When enabled, you’ll need to answer a secret question, or use a fingerprint, as well as your password to get into your accounts. This is a great way of securing yourself if your passwords ever get stolen. One of the best ways to secure your data online is by using a VPN. With a single NordVPN account you can protect up to 6 devices from accessing potential phishing sites, and hide your online activity from trackers.