Skip to main content

Major Phishing Attack Targets Users Through Google Docs

* Malicious app masquerades as normal Google Doc
* Once opened, it instantly gains access to your email and address book
* Unclear where the attack originated

You may want to take a second look before you open any links on Google Docs. A new sophisticated form of malware is sending out Google invites that appear to be from people you know.

As soon as you click the link to open the Google Doc, the targeted malware infiltrates your email, gains access to your contacts and then sends out a series of messages inviting your friends and acquaintances to open a document with the generic subject line saying your friend “[x person] has shared a document on Google Docs with you.”

[protected-iframe id=”6dd82d2bcca745788431eb6b922f8881-117758725-117229809″ info=”//” height=”615″ class=”twitter-timeline”]

Unlike traditional phishing schemes — ones that require unsuspecting victims to open a rogue link or download an unknown file — this form of malware actually works within Google’s system to target victims. It masquerades as a normal doc, making it infinitely more effective and harder to catch.

Google has been quick to issue a statement:

“We have taken action to protect users against an email impersonating Google Docs, and have disabled offending accounts. We’ve removed the fake pages, pushed updates through Safe Browsing, and our abuse team is working to prevent this kind of spoofing from happening again. We encourage users to report phishing emails in Gmail.”

Google also says it’s now rolling out a new security feature in its Gmail application on Android that will help warn users about suspicious links.

If you’ve opened an unknown Google Doc recently, you can remove it from your account by heading to Google’s Connected Sites & Apps page and revoking its email access.

The who, what and why behind this attack are still unclear. Until we know for sure, take a few moments to look over any recent Google Doc invites.