Google warns of phishing scam that impersonates Google Docs

If you clicked on the link and were affected by todays attack, Google says you should visit myaccount.google.com/permissions to revoke the “Google Docs” app. Google Docs doesnt require separate authorization as Gmail gives it by default.

Taylor told iTWire that the Google attack shows it only takes one or two clicks by a recipient to unknowingly open a weaponised link - in this case - or spreadsheet, slideshow or PDF and trigger an attack in many other cases.

As 1010 WINS' Al Jones reported, the latest email scam looks exactly like it is through Google Docs.

Not only are victims' accounts controlled by a malicious party, but if users follow the instructions, the same email is sent to anyone they have ever emailed and their contacts. When the user clicks on the attached document, the link takes the user to your real Google security profile, where it will ask for permission to manage your account.

Google said on Wednesday that it had taken steps to protect users from the attacks by disabling offending accounts and removing malicious pages.


Although it may seem harmless, experts warn that these hackers now have access to your Google account and any personal information inside. But cyber security expert Ian Marlow at FITECH advises people to check before they click.

"I don't believe they are behind this though because this is way too widespread", said Jaime Blasco, chief scientist at AlienVault.

The email also appears to be sent to a suspicious email account called "hhhhhhhhhhhhhhhh@mailinator.com".

Google users are being spammed everywhere. The attempt to steal OAUTH tokens is a departure from traditional phishing attacks that target passwords primarily. "Its OAUTH processes are subject to fakery and therefore phishing attacks".

  • Kara Saunders