Massive Google Docs Phishing Attack! - Merit Educational Consultants

Massive Google Docs Phishing Attack!

I got a strange email this morning from someone that I knew, asking me to open a Google Doc that they had shared with me.  People send me a lot of Google Docs, so I didn’t read it super carefully, and even my IT guy thought it looked ok.  Only upon closer inspection did we realize that this was a phishing scam!

This email had a normal “Open in Google Docs” button, but rather than most phishing scams, this one pretended to be Google Docs, and it asked for permissions just like Google Docs might need.  Everything looked legitimate, but unfortunately, Google Docs does NEED permission from you to access your contacts, because they already have it.  This was a third party that was harvesting email addresses.  What it did next was to send the SAME email that I received to everyone in MY contacts list, from ME.  Yikes!

I immediately sent out an email to everyone who received the phishing email from me asking them to NOT click the link, and with instructions on how to remove the permissions and on how to change their Google password if they DID click.  The response I got from people was great; people respond well to someone being proactive.  Google has apparently fixed the problem and deleted all of the emails from their servers so it cannot happen again, but just in case, here’s what you do when something like this happens:

First, change your password.  It’s pretty much impossible for someone to get a password out of Google’s systems, even with permissions, but it’s a good idea, just to be on the safe side.  To change your Google Password, click here: https://goo.gl/nbHsAL  (Log in if needed)

Next, remove permissions from any application that looks suspicious.  You can do this by clicking here: https://goo.gl/PBSk2z

This link will take you to the “Connected Apps & Sites” page, and you can see all of the third party apps that you have given permission to, along with the day and time the permission was given.  If you think you’ve been the victim of an attack like this, check the date.  It’s a good idea to clean this section out from time to time anyway!

Finally, I think it’s good karma to pass on removal instructions, so I asked the recipients of my apology email to copy and paste the instructions and send them on to their contacts if they clicked the link like I did.

Be careful out there!