What You Need to Know About the Massive Google Docs Phishing Outbreak

A sweeping campaign of phishing emails masquerading as a shared Google doc invite has infected troves of Google users on Wednesday, May 3, 2017, accessing their contacts lists to spread the attack further.

On Wednesday afternoon, the Internet lit up with reports of phishing emails disguised as invites to a shared document in Google Docs. In many cases, the email appeared to be sent from someone the recipient actually knew — another victim of the attack who had already had their account compromised.

They also resembled the typical Google Docs invite perfectly, with the lone exception of including the recipient “hhhhhhhhhhhhhhhh at mailnator.com.”

Once clicking “Open in Docs,” however, victims were asked to grant access to their account to a fake Google Docs app, which promptly took advantage of that access to raid the victim’s contacts list and use it to send out identical phishing emails to replicate the attack.

Google reacted swiftly to the attack by shutting down the rogue app and adding warnings to suspected phishing emails. But with an untold number of accounts already compromised, the fallout from this attack could be far from over.

What to do:

  • DO NOT click on any Google Docs invitations received on Wednesday May 3, 2017
  • If you see a “Google Docs” app authorized on Wednesday, May 3, 2017, remove it as well as any other apps you don’t recognize
  • If you suspect your Google account may have been compromised, visit this website for details

As always, please be on heightened alert for suspicious emails. This phishing campaign is just one of many that are currently in circulation. If you suspect an email is malicious, please report it.

Return to main Fraud Alerts page