'Google Docs' Scam Strikes Email Accounts Nationwide




An email "phishing" scam spread around the country Wednesday afternoon, enticing people to click on what looked like a valid Google link that instead exposed their personal information, Google confirmed.


The email arrives with a subject line saying someone "has shared a document on Google Docs with you" and a link that says "Open in Docs." The link appears to be legitimate, and clicking on it leads people to a page where they are asked to give "Google Docs" access to their Google account.


But it is not the real Google Docs, and clicking the "Allow" button gives the potentially malicious app permission to read and delete emails and to manage contacts. It is not clear who is taking the data once users authorize access or what they are doing with it.


Google released a statement on the scam Wednesday evening, saying it removed the fake pages and pushed updates through its Safe Browsing service, which lets users check URLs against lists of unsafe web resources.


"We have taken action to protect users against an email impersonating Google Docs, and have disabled offending accounts," the statement read. "Our abuse team is working to prevent this kind of spoofing from happening again."


Google is investigating the worm.


Employees and others connected to large companies, especially educational institutions and newsrooms, reported an inundation of the emails Wednesday afternoon. The scam spread so quickly and comprehensively that "Google Docs" was the nationwide top trend on Twitter by 4:30 p.m. ET.


Digital Life Expert Ryan Merchant said the scam was a sophisticated one.


"Entering information they actually were giving permission to an app that was not a Google app," Merchant said. "Once they entered that information and clicked then the attackers got access to all of the information that’s in their email."


Cybersecurity officials at the New Jersey Office of Homeland Security and Preparedness tweeted that people should avoid clicking the link. A number of New Jersey school districts also warned that they had been struck and that students should not click.


If you receive a Gmail message with the mailinator.com address as the main recipient, immediately report it as phishing by clicking the down arrow beside the reply button and selecting "Report phishing." Then delete it.


If you do click on the malicious link, don't grant permission when the fake GDocs app asks for it.


"We all use Google Docs," Dori Horvath of Green Brook, New Jersey, who fell victim to the scam, said. "I immediately clicked on the link."