Hackers have developed a new scam involving Google Docs that was widely reported this week. The attackers send out emails containing a fake link to Google Docs, purportedly from one of your contacts. On the surface, the document doesn't appear to be suspicious but anyone who clicks on it could see their Gmail account hacked.
Once the link is clicked on, users will be directed to what looks like a Google login screen, TechSpot reports. But, the scammers are able to gain access to users' personal information when they click on that link as it grants permission to Google Docs to "read, send, delete and manage your email", and also managed your contacts. Even worse is that the link directs users to a genuine Google login page, so there's no weird URL to give away the fact it's a scam.
There are some ways to tell though. USA Today displayed an example of an email between a bogus Google Docs invitation versus a real one. The blue logo and the words are slightly different.
For instance, the real Google Docs invites you to “edit” a document and will use the blue Google Docs logo next to the doc name. However, the scam email doesn’t include the name of the document or use the Google Docs logo.
Google said it's already disabled accounts associated with the attacks and removed the fake login pages, in order to counter the attack.
If you think you've already been duped by the scam, Google recommends going to your "Connected Apps and Sites" settings and revoking privileges from the Google Docs app. Also, be cautious of any emails that ask to share a Google document, even if it appears from a trusted contact. Check with the sender first to make sure it’s legitimate. The New York Times offers more tips on what to do if you think you’ve clicked on such an email.
These so-called phising scams are rapidly becoming more common. Last year, the Federal Trade Commission and the National Association of REALTORS issued a warning to customers about a mortgage closing phishing scam that dupes buyers into depositing their down payment into a fraudulent account. The scam hacks into real estate professionals’ email accounts and targets their customers with misleading information.