It was announced Wednesday, May 3rd, 2017, that a massive Google Docs phishing attack has hit a number of companies including Article by Domain SupportGannett (USA TODAY), The Guardian, The Verge, TNW, BuzzFeed, Hearst, New York Magazine, Vice and others reported by WRBL, KETV and WCMH.
The attack is sophisticated and can fool even savvy Google Docs users. Someone you know sends you an email sharing a Google Doc, you click on the button, you are taken to an actual Google account selection screen (or at least it does if you have multiple accounts open) to select the account you want to use. On the next screen is, what appears to be normal authentication for “Google Docs”, asking for additional permission (i.e., multiple password entries) to access your account. However, this is not the real Google Docs; the actual Google Docs doesn’t require multiple password authentication/permission requests. Do not grant permission.
If you do, this attack vector will then self-replicate and forward the same fake document through Gmail, sending itself to all your own contacts and perpetuates this phishing attack to all your contacts.
Leroy Gil, iMore, warns, “If you receive an email from someone that has a “Shared Google Doc” link or attachment, even if it is from someone you know, just delete it. If you are expecting a share document from anyone, contact them first through text, phone call, or a separate email to confirm that the document is, indeed from the person you think it’s from.”
Also you can simply look for the document in Google Drive under “Shared with Me” section for valid docs that have been shared with you.
If you have clicked on the link and allowed permissions for this phishing attack, contact Connectech or optionally for paid G Suite users, escalate the matter to Google support for assistance.