Internet users beware: a sophisticated and extremely convincing scam is on the loose, and it wants to hijack your Google accounts so it can continue to spread.
Word of the new scam first spread across the internet on Wednesday afternoon, when reporters for various media outlets — including BuzzFeed, Vice and Fortune — started to receive a rather legitimate-looking invitation to view a Google Docs file. If clicked on, the email brings unsuspecting users to a page that’s nearly indistinguishable from a genuine Docs invitation — complete with an authentic-looking URL and legitimate links. The page then asks for permission to access your Google account. Some of the emails that the invitations were sent from even appear legitimate — Gizmodo reports at least one user receiving the scam from a .gov account. A short video of what the entire attack looks like is available below, via Twitter.
— Zach Latta (@zachlatta) May 3, 2017
While members of the media seem to be the attack’s first targets, anyone could receive the malicious invitation. The whole attack echoes similar scams that have been spotted in the wild since 2014, according to Wired. The email and invitation page don’t appear to deliver malware to victims. Instead, they seem geared toward “phishing” — stealing usernames and passwords, allowing attackers to hijack the Google account in question. Once hacked, attackers will send the same invitation from your account to all the addresses in your contacts, according to TechCrunch. Currently, it’s unknown who is behind the attack.
If you receive a strange invitation to view a Google Doc, it’s strongly recommended that you don’t click on it. But if using Google Docs is essential to your work or day-to-day life, you can enable two-factor authentication — which keeps attackers from logging into your account even if they have your password. If you did click on the invitation and want to know whether your account has been compromised, go to your Google app permissions. An app called Google Docs shouldn’t be listed there; if one is, you’ve been hacked. To foil the attack, revoke the fraudulent app’s permission.
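For anyone reviewing app permissions across many accounts, the check described above can be scripted. This is an added example, not part of the original article or any Google tool; it also goes slightly beyond the article by catching names disguised with look-alike characters or odd spacing. The record layout (`userKey`, `displayText`, `clientId`, `scopes`) and all sample values are assumptions constructed for illustration.

```python
import unicodedata

# Name the article says should never appear among an account's app permissions.
IMPERSONATED_NAME = "google docs"

# Small constructed map of look-alike letters (Cyrillic, Greek) to Latin; not exhaustive.
CONFUSABLES = str.maketrans({
    "\u043e": "o", "\u0435": "e", "\u03bf": "o",
    "\u0441": "c", "\u0501": "d", "\u0455": "s",
})
# Zero-width characters that can be hidden inside a display name.
ZERO_WIDTH = dict.fromkeys(map(ord, "\u200b\u200c\u200d\ufeff"))


def normalize(name):
    """Fold case, width, look-alikes and spacing so disguised names compare equal."""
    folded = unicodedata.normalize("NFKC", name).translate(ZERO_WIDTH).casefold()
    return " ".join(folded.translate(CONFUSABLES).split())


def suspicious_grants(grants):
    """Return the grants whose display name imitates Google Docs."""
    return [g for g in grants if normalize(g["displayText"]) == IMPERSONATED_NAME]


# Constructed sample records (hypothetical export of per-user app grants).
SAMPLE_GRANTS = [
    {"userKey": "alice@example.com", "displayText": "Google Docs",
     "clientId": "placeholder-client-1", "scopes": ["mail", "contacts"]},
    {"userKey": "bob@example.com", "displayText": "Calendar Sync Tool",
     "clientId": "placeholder-client-2", "scopes": ["calendar"]},
    # Same name written with Cyrillic letters and a non-breaking space.
    {"userKey": "carol@example.com", "displayText": "G\u043e\u043egle\u00a0Docs",
     "clientId": "placeholder-client-3", "scopes": ["mail", "contacts"]},
]

if __name__ == "__main__":
    for grant in suspicious_grants(SAMPLE_GRANTS):
        # Each hit is an account where the app's permission should be revoked.
        print(f"{grant['userKey']}: revoke {grant['displayText']!r} "
              f"(client {grant['clientId']}, scopes {', '.join(grant['scopes'])})")
```
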
Google has since addressed the issue, and said that they are investigating. In the meantime, the company encourages users to not click through on invitations, and to report suspicious emails as phishing scams.
We are investigating a phishing email that appears as Google Docs. We encourage you to not click through, & report as phishing within Gmail.
— Gmail (@gmail) May 3, 2017