Dont Open That Google Doc Unless Youre Positive Its Legit

IF YOU GET a Google Doc link in your inbox today, scrutinize it carefully before you click—even if it looks like it comes from someone you trust. A nasty phishing scam that impersonates a Google Docs request has swept the internet today, including a decent chunk of media companies. You’ve heard “think before you click” a million times, but it really could save you from a whole lot of hassle.

This round of Google docs phishing emails works like so: You get an email saying someone added you to a Google Doc; click this link to view it. That takes you to a legitimate account screen, listing all the Google accounts you’re logged into. From there, you choose the one you want to use to view the document (or log in, if you weren’t already authenticated in your browser). There, a malicious service called “Google Docs” awaits, asking for privileges to access your account, your contacts, your password rests, your emails, everything.

If you already clicked this type of link today (or any day), go to the Permissions page of your Google account as quickly as possible and, in this case, revoke access to the service called “Google Docs.” Again, it’s a fake. Then change your password and make sure you have two-factor authentication turned on, which you totally already did, right?


To help protect yourself even further in the future, Google offers a tool called Password Alert that warns you if you type your Google account credentials into any page that isn’t officially Google’s. If phishers have made a realistic-looking fake, Password Alert instantly suggests that you change your password and secure your account as soon as you’ve made the mistake. But this doesn’t necessarily protect you when scammers are manipulating genuine Google processes. And, of course, it doesn’t help you identify fake log-in pages related to other companies’ services.

https://www.wired.com/2017/05/dont-open-google-doc-unless-youre-positive-legit/?mbid=social_twitter