Google Docs Hit by Phishing Attack

Google Docs Hit by Phishing Attack

Don't edit that Google Doc, at least not today.

If someone invites you to edit a file in Google Docs, be careful opening it as it may be a sophisticated phishing scheme out to get your credentials.

As detailed on many websites since the attack started on the afternoon of May 3rd, the attack sends targets an emailed invitation from someone they may know, takes them to a real Google sign-in screen then asks them to "continue to Google Docs." But this grants permission to a third-party web app that has just been named "Google Docs." This gives the hacker access to your email and your address book.

This phishing scheme is different from others in that it works within the Google system. It takes advantage of the fact that you can create a non-Google web app with a misleading name.

If you have clicked the app, it may have already spammed everyone in your address book by you can revoke future access by going to Google's Connected Apps and Sites page, where you can remove access from "Google Docs." Also, it may be a good idea to change your password.

Digital Edition

  • Security Today Magazine - March 2020

    March 2020


    • Transforming the Industry
    • The Open Platform
    • Creating a Standardized Platform
    • Common Mistakes
    •The Next Victims

    View This Issue

  • Environmental Protection
  • Occupational Health & Safety
  • Infrastructure Solutions Group
  • Spaces4Learning
  • Campus Security & Life Safety