Google warns of phishing scam spread through Docs
Quick warning: If there’s an email in your inbox from someone asking you to open a Google Doc, and you don’t know who it is, don’t open it.
It’s probably a phishing email disguised as a contact attempting to share a file from Google Docs, Google says.
The scam is one of the oldest around, akin to sending an email asking you to click a hyperlink. Do so, and hackers can get access to your information.
The email appears to come from someone inviting the user to share a document. The sophisticated email looks very similar to one sent by Google but appears to come from an individual Gmail account. Look closely and you’ll see the difference between bogus and real.
A legitimate Google Docs invitation asks you to edit a document and has the blue Google Docs logo next to the doc name. The bogus email that went out Wednesday, which USA TODAY received, doesn’t state the name of the doc.
Google released a statement Wednesday saying it had taken action to protect users against the impersonating email and has disabled offending accounts.
“We’ve removed the fake pages, pushed updates through Safe Browsing, and our abuse team is working to prevent this kind of spoofing from happening again. We encourage users to report phishing emails in Gmail.”
The bogus email sent to this reporter, recovered from the email trash folder, had been updated with a warning message from Google: “Be careful with this message. Similar messages were used to steal people’s personal information. Unless you trust the sender, don’t click links or reply with personal information.”
When users click on the file, the fake Google Docs will seek permission to access their account. Users who click on the link and follow through with the process should go to Google’s account permissions to deny access.
Phishing is a common tactic used to gain access to a user’s login credentials. In most cases, users are asked to click on a link, then provide account details to access the information provided. However, the process provides the user’s credentials to the attacker, allowing them access to email accounts, social networks or other platforms.
Best practices: if you receive an email of this type and don’t know the sender, don’t open it.
Period.