This article exists as part of the online archive for HuffPost Canada, which closed in 2021.

'Google Docs' Phishing Scam Spreading Through Email

The malware appears to hijack users' email address books.
|

If you get a link inviting you to open a Google Doc — even one that apparently came from someone you know — be careful before clicking it open.

According to multiple reports online, Gmail users are being targeted by a phishing scam that began spreading rapidly around mid-day Wednesday.

The scam begins with an email notification telling you that someone from your email contacts has “shared a document with you in Google Docs.”

According to The Verge, clicking on the link will take you to a Google page where you are asked to “sign in to Google Docs.” But in this case, "Google Docs" is the name of the malware.

Clicking on the link gives the malware access to your address book, which, according to Buzzfeed, is likely how it has been spreading.

The phishing scam is particularly dangerous because, unlike many other similar scams, it doesn’t take users to a fake web page, but rather to a real Google Docs page.

However, the software appears to have a tell: In many instances, the address line in the email shows the first recipient as “hhhhhhhhhhhhhhhh@mailinator.com.” It’s unclear at this time if all the phishing emails contain this address.

If you’ve clicked on the malware link, simply changing your Google accounts password may not be enough. Go to “my account” in your account, and navigate to “manage apps.” There, remove permissions for “Google Docs,” or any other app that was given permission about the time you clicked on the link.

The video below explains how to do that.

Popular in the Community

This article exists as part of the online archive for HuffPost Canada. Certain site features have been disabled. If you have questions or concerns, please check our FAQ or contact support@huffpost.com.