Don’t Open That Suspicious Google Doc You Just Got There’s been a massive phishing attack.

Have you gotten an email today (or perhaps several), saying that someone from your contacts list shared a Google document with you? Think twice before opening it or clicking the link to access the doc.

A number of people have been victims of an apparent phishing attempt (where hackers try to get you to click on sketchy links) by an unknown organization starting around 11:30 am PT today.

At least some of the emails are addressed to “hhhhhhhhhhhhhhhh@mailinator.com” and appear to place the intended target in the BCC field. The subject line reads “[someone in your contacts] just shared a Google Doc with you,” imitating the way Google emails appear when people share Google Documents with one another.

If you click on the fraudulent link within the email, it will take you to a real Google page asking for widespread permissions across your Google accounts, which, if granted (don’t) would give the attackers access to a vast amount of personal data. For now, it doesn’t seem like the hack can access this information unless you give it permission; however, if you open the link, it does seem to forward the email to everyone on your contact list.

When reached for comment, Google said it’s investigating the attack. We’ll update this post if and when we learn more.

The attack hit an unknown number of employees within BuzzFeed and seems to also target people outside of the organization, including school districts and universities.

If you search “shared a doc” on Twitter, the results keep piling up.

virus

Here’s what to do if you did click the link to the suspicious Google Doc:

  • Go to the google security checkup and go through the checklist.
  • Pay close attention to the Account Permissions section. Check for “Google Docs,” and remove it. It’s not the real Google Docs.

UPDATE

Some federal agencies including the United States Geological Survey and contractors for the United States Agency for International Development have been affected by the hack, according to people working at those agencies.

Source: buzzfeed

Leave a Reply

Your email address will not be published. Required fields are marked *