Phishing Scam Warning: Google Docs

Big Island Now stock photo.

Reports of a new Google Docs phishing scam have been circulating online, accorded to a Hawai‘i Better Business Bureau press release issued today.

Users report receiving an email with an attached Google Doc, which appears to be coming from someone they know.

Users are prompted to click the link to open the document, which will then redirect them to a legitimate Google sign-in page where they then choose which Google account they would like use.

Once this is done, users will be asked to authorize an app called “Google Docs.”

This is not a Google app, and once the app receives permission to manage the user’s emails, it sends out the same email to all of the user’s contacts, asking them to repeat the process.

The new emails will now appear to be from the scam victim.

Not only will the hackers send out the email to all of the victim’s contacts, but the hackers now may have access to all accounts and information tied to the victim’s Google account.

Although the email appears to be coming from a personal contact, this phishing scam is easily identifiable, as the document will appear to be coming from hhhhhhhhhhhhhhhh@mailinator.com.

If anyone receives an email such as this, they should be sure to not click on the attachment and delete the email immediately.

If a user has already received and clicked on the document, they should change their Google account password as well as any passwords on accounts attached to the Google account. Users should also be sure to remove the permissions from the fake “Google Docs” app by going to myaccount.google.com. From there, users can go to Sign-In and Security, and then Connected Apps.

Users should delete any apps they do not recognize.