Scam could compromise your Google Doc account
If you’ve received an invitation to join a shared Google Doc that you weren’t expecting, you might want to steer clear of it. It’s probably a phishing scam that could compromise your account.
Internet users everywhere are being spammed with what appear to be malicious invitations to log on to their Google accounts. Unlike your garden-variety cyberattack, many of the telltale signs that could tip you off that something is awry are absent.
For example, the attack appears to work by tricking you into logging into your actual Google account, then granting a third party (your attacker) access to your account’s data. Having gained permission to access your contacts, the attacker then fires off spam invites to everyone in your address book.
What makes this attack so tricky to detect is that it takes advantage of Google’s legitimate tool for sharing data with responsible third-party apps. Since the bogus invitation is being routed through Google’s real system, nothing is misspelled, the icons look accurate, and it’s hard to know something’s gone wrong until it’s too late.
Staff at The Washington Post, students at New York University and even workers at the U.S. Agency for International Development have received warnings from IT administrators not to open the emails.
So, until you hear otherwise, it’s probably best to hold off on any Google Docs usage for now.
If you’ve clicked the link in the malicious email, you can revoke the attacker’s access by visiting https://myaccount.google.com/permissions. Delete the “Google Docs” app, which is the one pretending to be legitimate.
A spokesperson for Google didn’t immediately respond to a request for comment.