X-SciTech

Beware unexpected Google Docs, the latest phishing scam

By Graham Kates

Updated on: May 3, 2017 / 5:27 PM EDT / CBS News

Be careful when opening emails claiming to include links to a Google Document shared by people you know —they might be part of a phishing scam that spread quickly across the internet Wednesday.

Staff at multiple media outlets, including CBS News, reported receiving the emails, which look nearly identical to the actual ones Google Drive sends when a person shares a document.

It is not clear if any accounts belonging to government officials were compromised, but information technology staff in at least one Senate office warned political staff about the phishing attempt, CBS News has confirmed.

Many of the emails include the address in "hhhhhhhhhhhhhhhh@mailinator.com" in the "send to" section.

This email about a Google Doc appears to be from someone the user knows, but is actually a phishing attempt. CBS News

Many people who received the suspect invitations took to Twitter to warn others.

🚨 If someone you know seems to be very eager to share a Google Doc with you today, it might be a phishing attempt. Don't click it! 🚨 pic.twitter.com/y0taEPeccT
— BuzzFeed News (@BuzzFeedNews) May 3, 2017

@zeynep Just got this as well. Super sophisticated. pic.twitter.com/l6c1ljSFIX
— Zach Latta (@zachlatta) May 3, 2017

Phishing (or malware) Google Doc links that appear to come from people you may know are going around. DELETE THE EMAIL. DON'T CLICK. pic.twitter.com/fSZcS7ljhu
— Zeynep Tufekci (@zeynep) May 3, 2017

If users click on the fraudulent link, they are brought to a Google page where they are asked to grant "Google Docs" access to all of their Google accounts — giving hackers an open door to their email and private documents.

It is not clear who is behind the phishing effort.

The phishing attempt spread across the internet for several hours before Google appeared to at least block the page allowing users to give data permissions.

Google said in a statement sent to CBS News that by late Wednesday afternoon it had disabled accounts associated with the phishing attempt.

"We have taken action to protect users against an email impersonating Google Docs, and have disabled offending accounts," the company said. "We've removed the fake pages, pushed updates through Safe Browsing, and our abuse team is working to prevent this kind of spoofing from happening again. We encourage users to report phishing emails in Gmail."

In an earlier tweet, Google warned users not to click suspect links.

We are investigating a phishing email that appears as Google Docs. We encourage you to not click through & report as phishing within Gmail.
— Google Docs (@googledocs) May 3, 2017

Got news tips about digital privacy, social media or online marketing? Email this reporter at KatesG@cbsnews.com, or via his encrypted address, grahamkates@protonmail.com (PGP fingerprint: 4b97 34aa d2c0 a35d a498 3cea 6279 22f8 eee8 4e24).

Google

Graham Kates

Graham Kates is an investigative reporter covering criminal justice, privacy issues and information security for CBS News Digital. Contact Graham at KatesG@cbsnews.com or grahamkates@protonmail.com

Beware unexpected Google Docs, the latest phishing scam

More from CBS News

Seattle to open overdose recovery center amid rising deaths

Botched graduation ceremony goes viral

Heineken vows nearly $50 million to transform "tired pubs" in U.K.

3 killed as storms slam Southeast after tornadoes strike Midwest