USA TODAY US Edition

Google warns of phishing scam spread through Docs

- Brett Molina @brettmolin­a23 USA TODAY

Quick warning: If there’s an email in your inbox asking you to open a Google Docs from someone, and you don’t know who it is, don’t open it.

It’s probably a phishing email disguised as a contact attempting to share a file from Google Docs, Google says.

The scam is one of the oldest around, akin to sending an email asking you to click a hyperlink. Do so, and hackers can get access to your informatio­n.

The email appears to come from someone inviting the user to share a document. The sophistica­ted email looks very similar to one sent by Google but appears to come from an individual Gmail account. Look closely and you’ll see the difference between bogus and fake.

A reliable Google Doc invites you to edit a document and has the blue Google Docs logo next to the doc name. The bogus email that went out Wednesday, which USA TODAY received, doesn’t state the name of the doc nor have its name.

Google released a statement Wednesday saying it had taken action to protect users against the impersonat­ing email and has disabled offending accounts.

“We’ve removed the fake pages, pushed updates through Safe Browsing, and our abuse team is working to prevent this kind of spoofing from happening again. We encourage users to report phishing emails in Gmail.”

The bogus e-mail sent to this reporter, recovered from the email trash folder, had been updated with a warning message from Google: “Be careful with this message. Similar messages were used to steal people’s personal informatio­n. Unless you trust the sender, don’t click links or reply with personal informatio­n.”

When users click on the file, the fake Google Docs will seek permission to access your account. Users who click on the link and follow through with the process should go to Google’s account permission­s to deny access.

Phishing is a common tactic used to gain access to a user’s login credential­s. In most cases, users are asked to click on a link, then provide account details to access the informatio­n provided. However, the process provides the user’s credential­s to the attacker, allowing them access to email accounts, social networks or other platforms.

Best practices: if you receive an email of this type and don’t know the sender, don’t open it.

Period.

?? ?? A screenshot of the phishing email received by USA TODAY on Wednesday.
A screenshot of the phishing email received by USA TODAY on Wednesday.
?? MARCIO JOSE SANCHEZ, AP ?? Google says it is investigat­ing the scam and encourages users not to click on the link.
MARCIO JOSE SANCHEZ, AP Google says it is investigat­ing the scam and encourages users not to click on the link.

Newspapers in English

Newspapers from United States