PSA: Don’t click that Google Docs link!

If you get an email sharing a Google Docs file with you, I have some advice: Don’t click it!

This is a widespread phishing campaign that started on Wednesday. The malicious email contains what appears to be a link to a Google Doc file. This leads to a legit page asking you to authorize “Google Docs” to access to your Gmail account. The problem is that this takes control of your Gmail account and in the process, it sends out the same malicious email with your name on it and pillages your contact lists.

If you’ve been pwned by this attack already, you need to go into your Google account permissions page and remove all the access privileges for the evil Google Docs account. Google has apparently locked things down so that this attack doesn’t get worse. But expect it to be around for the next couple of days. That begs the question, why didn’t Google lock things down as a proactive measure?


One Response to “PSA: Don’t click that Google Docs link!”

  1. […] attack aimed at Gmail users was stunning in terms of scale and how effective it was. At the time, I said […]

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: