Have you gotten an email today (or perhaps several), saying that someone from your contacts list shared a Google document with you? Think twice before opening it or clicking the link to access the doc.
A number of people have been victims of an apparent phishing attempt (where hackers try to get you to click on sketchy links) by an unknown organization starting around 11:30 am PT today.
— Zach Latta (@zachlatta) May 3, 2017
At least some of the emails are addressed to “firstname.lastname@example.org” and appear to place the intended target in the BCC field. The subject line reads “[someone in your contacts] just shared a Google Doc with you,” imitating the way Google emails appear when people share Google Documents with one another.
If you click on the fraudulent link within the email, it will take you to a real Google page asking for widespread permissions across your Google accounts, which, if granted (don’t), would give the attackers access to a vast amount of personal data. For now, it doesn’t seem like the hack can access this information unless you give it permission; however, if you open the link, it does seem to forward the email to everyone on your contact list.
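As an added example (not from the original article or from Google), the two indicators reported above, the subject line and the target sitting in BCC rather than in To/Cc, can be combined into a mail-triage check. The function names, mailbox addresses and sample messages are constructed for illustration.

```python
import re
from email import message_from_string, policy
from email.utils import getaddresses

# Subject wording reported in the article: "<contact> just shared a Google Doc with you"
SUBJECT_RE = re.compile(r"\bjust shared a Google Doc with you\s*$", re.IGNORECASE)

def visible_recipients(msg):
    """Lower-cased addresses that appear in the To and Cc headers."""
    headers = msg.get_all("To", []) + msg.get_all("Cc", [])
    return {addr.lower() for _, addr in getaddresses([str(h) for h in headers]) if addr}

def triage(raw_message, mailbox_owner):
    """Return which of the article's indicators a delivered message matches."""
    msg = message_from_string(raw_message, policy=policy.default)
    hits = []
    # Collapse folded header whitespace before matching the subject.
    subject = " ".join(str(msg.get("Subject", "")).split())
    if SUBJECT_RE.search(subject):
        hits.append("subject")
    # Delivered to this mailbox but owner not in To/Cc: the owner was BCC'd.
    if mailbox_owner.lower() not in visible_recipients(msg):
        hits.append("owner-not-in-to-cc")
    return hits

def is_suspect(raw_message, mailbox_owner):
    """Flag only when both indicators are present, to limit false positives."""
    return triage(raw_message, mailbox_owner) == ["subject", "owner-not-in-to-cc"]

# Constructed sample messages (hypothetical names and addresses).
SAMPLE_PHISH = (
    "From: Alice Example <alice@example.com>\n"
    "To: firstname.lastname@example.org\n"
    "Subject: Alice Example just shared a Google Doc\n with you\n\nOpen in Docs\n"
)
SAMPLE_DIRECT = (
    "From: Alice Example <alice@example.com>\n"
    "To: Bob Example <bob@example.com>\n"
    "Subject: Alice Example just shared a Google Doc with you\n\nOpen in Docs\n"
)
SAMPLE_LIST = (
    "From: announce@example.net\n"
    "To: staff-list@example.net\n"
    "Subject: Cafeteria menu for next week\n\nSee attached.\n"
)

if __name__ == "__main__":
    for name, raw in [("phish", SAMPLE_PHISH), ("direct", SAMPLE_DIRECT), ("list", SAMPLE_LIST)]:
        print(name, triage(raw, "bob@example.com"), is_suspect(raw, "bob@example.com"))
```

A match is a reason to quarantine and review the message, not proof on its own, since mailing lists and ordinary BCC use also trip the second indicator.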
When reached for comment, Google said it’s investigating the attack. We’ll update this post if and when we learn more.
The attack hit an unknown number of employees within BuzzFeed and seems to also target people outside of the organization, including school districts and universities.
Guys don’t open the “shared a doc with you” emails it’s a virus
— Julia Gallagher (@juliagalllagher) May 3, 2017
District is experiencing an email spam. Please don’t open email that includes a shared google doc. If you have, reset your password now.
— Royal Palm Beach HS (@RPBHSOfficial) May 3, 2017
All Google users are being targeted with a fake e-mail stating that a Google Doc has been shared with you. Godley.. pic.twitter.com/1uSyJyngA3
— Godley ISD (@GodleyISD) May 3, 2017
If you search “shared a doc” on Twitter, the results keep piling up.
Here’s what to do if you did click the link to the suspicious Google Doc:
- Go to the Google Security Checkup and go through the checklist.
- Pay close attention to the Account Permissions section. Check for “Google Docs,” and remove it. It’s not the real Google Docs.
Some federal agencies including the United States Geological Survey and contractors for the United States Agency for International Development have been affected by the hack, according to people working at those agencies.