Here's What You Need to Do If You Fell for the Google Docs Email Attack

The emails, which appeared to come from people the recipients knew, seemed to share a Google doc

May 4, 2017

A massive phishing scheme invaded Gmail inboxes across the U.S. yesterday, and Google is investigating.

Here's what we know so far. Spammers sent out malicious emails yesterday afternoon. The emails appeared to be from people the recipients knew, making it more likely that they would open them. The senders seemed to be sharing a Google document in the email and asked the recipients to click on the link.

Those who clicked then received a prompt that asked them to provide access to their Google contact lists and Google Drive account. If they did, the spammers used the lists to send even more emails and broaden the scheme.

Google posted a statement on Twitter at the time: "We are investigating a phishing email that appears as Google Docs. We encourage you to not click through and report as phishing within Gmail."

It is not yet known who the spammers were or how many people were victimized by the attack.

Yesterday evening, Google issued a second statement in which it said that it had disabled the accounts responsible, updated its systems to block the spam, and was figuring out how to keep such an attack from happening again.

Have you gotten a suspicious email? Here's what you should do:

Don't click, even when the sender is someone you know and trust

Even when a trusted contact is the sender, be wary about clicking links in emails. Spammers, cybercriminals, and, increasingly, nation-state spies send basic email attacks called spear phishing. These attacks lure victims into clicking links that download malicious software, or into inadvertently giving out their user names and passwords.

In the case of the Google Docs attack, the emails appeared to come from known and trusted senders but were actually sent from the address "hhhhhhhhhhhhhhhh@mailinator.com" with recipients blind carbon copied on the message.
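As an added example (not from the article or from Google), the two header-level signs described above turned into a small check a mail administrator could run over a message: the real sender is the mailinator address even though the From line shows a trusted name, and the recipient is absent from To and Cc, i.e. was BCC'd. The mailinator address is the one quoted in the article; the sample messages and every other address in them are constructed.

```python
# Added example: flag messages showing the two sender-level signs the
# article attributes to the Google Docs phishing run. Sample messages are
# constructed; only the mailinator address comes from the article.
from email import message_from_string
from email.utils import getaddresses, parseaddr

MAILINATOR_SENDER = "hhhhhhhhhhhhhhhh@mailinator.com"  # quoted in the article


def phishing_indicators(raw_message: str, my_address: str) -> list[str]:
    """Return the indicators found in one RFC 5322 message (empty = none)."""
    msg = message_from_string(raw_message)
    found = []

    # Indicator 1: the envelope sender (Return-Path) or From address is the
    # mailinator address, regardless of the display name shown to the user.
    envelope = parseaddr(msg.get("Return-Path", ""))[1].lower()
    from_addr = parseaddr(msg.get("From", ""))[1].lower()
    if MAILINATOR_SENDER in (envelope, from_addr):
        found.append("sender is the mailinator address")
    elif envelope and envelope != from_addr:
        found.append("Return-Path does not match From")

    # Indicator 2: I received the message, but my address is not a visible
    # recipient, so I was blind carbon copied.
    visible_headers = msg.get_all("To", []) + msg.get_all("Cc", [])
    visible = {addr.lower() for _, addr in getaddresses(visible_headers)}
    if my_address.lower() not in visible:
        found.append("recipient was BCC'd")
    return found


# Constructed sample: a phish that displays a trusted contact's name.
PHISH = """Return-Path: <hhhhhhhhhhhhhhhh@mailinator.com>
From: "Alice Example" <hhhhhhhhhhhhhhhh@mailinator.com>
To: hhhhhhhhhhhhhhhh@mailinator.com
Subject: Alice Example has shared a document on Google Docs with you

Open in Docs: https://example.invalid/constructed-share-link
"""

# Constructed sample: an ordinary message addressed to me directly.
LEGIT = """Return-Path: <bob@example.com>
From: "Bob Example" <bob@example.com>
To: you@example.com
Subject: Q2 plan

Draft attached, comments welcome.
"""

if __name__ == "__main__":
    print(phishing_indicators(PHISH, "you@example.com"))
    print(phishing_indicators(LEGIT, "you@example.com"))
```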

Use multi-factor authentication

Most banking, social media, and email services—including Google—offer users the ability to enable multi-factor authentication. If you use this feature, the service will ask you to enter a one-time code texted to your phone whenever you log in from a computer or mobile device that the service doesn't recognize. This is the most basic way to stop hackers from using a stolen password to break into your accounts.

Shut it down

Did you click on the Google Docs link? If so, you accidentally gave spammers access to your Google account, but don't panic! Follow these steps to revoke their access:

  1. Go to https://myaccount.google.com/permissions
  2. Revoke access to "Google Docs"

Change your passwords. Again.

Change your passwords to something you've never used before—ideally to a long, nonsensical string of numbers, letters, and special characters. Don't use words found in a dictionary; the first thing a hacker does when trying to break into an account is to use a computer program that will try every word in the dictionary. Use a password manager to keep up with all of your passwords.

Report the attack.

Report phishing attacks to Google by going to the top right corner of your inbox, clicking the down arrow, and choosing "Report Phishing."