A new scam, circulating the internet on Wednesday, is masking itself as Google Docs as it tries to gain access to your contacts and address book. The reports were widespread Wednesday by those claiming they received an email asking them to open a document in Google Docs from one of their contacts. At surface level, the document doesn’t appear suspicious.
If you click on the link, you’ll be taken to a Google login screen and you’ll continue to work in Google Docs. But scammers are able to gain access to your personal information when you click the link to grant permission to Google Docs to “read, send, delete, and manage your email” and to “manage your contacts,” TechSpot reports about the scam. Particularly troublesome about this scam is the login page is an actual Google login screen, so a mysterious URL is not signaling to users that they’re being duped.
USA Today shows
an example of an email between a bogus Google Docs invitation versus a real one. The blue logo and the words are slightly different.
For instance, the real Google Docs invites you to “edit” a document and will use the blue Google Docs logo next to the doc name. However, the scam email doesn’t include the name of the document or use the Google Docs logo.
Google says it has disabled the accounts responsible for the attacks, removed the fake pages, and pushed updates through its Safe Browsing feature to try to counter the phishing attack.
For those who think they’ve been duped by this scam, Google urges you to go to your “Connected Apps and Sites” page and revoke privileges from the app called “Google Docs.” Also, be cautious of any emails that ask to share a Google document, even if it appears from a trusted contact. Check with the sender first to make sure it’s legitimate.
The New York Times offers more tips on
what to do if you think you’ve clicked on such an email.
Phishing scams have grown more prevalent, and the real estate industry has faced its own series of growing threats over the past year. The Federal Trade Commission and the National Association of REALTORS® issued a warning to customers last year to beware a mortgage closing phishing scam that dupes buyers into depositing their down payment into a fraudulent account. The scam hacks into real estate professionals’ email accounts and targets their customers with misleading information.
Read more.
Source: “Sophisticated Phishing Attack Used Google Docs to Gain Access to Your Contacts,” TechSpot (May 3, 2017); “Email Attack Hits Google: What to Do if You Clicked,” The New York Times (May 3, 2017); and "Google Doc Warning: There’s a Phishing Scam Going Around,” USA Today (May 3, 2017)