Google Docs Massive Phishing Scam

As you may have heard, over a million Google users were hit by a phishing scam on May 3rd. This scam came in the form of an email that looked a lot like a harmless invite from a Google user to join a Google document. Now, if you were suspicious (and I hope you were), you may have noticed that the email was addressed to hhhhhhhhhhhhhhh. When you see something like this or the red warning bar from Gmail (see left), this should be a pretty good indicator that something is amiss.

Just in case you may have accidentally clicked on the blue button invite, which was cleverly disguised to look remarkably like a legitimate Google button, here’s what you can do to protect yourself from further compromise by the spammer.

  1. Reset your password. This is one of the best ways to prevent a hacker from continued access to your account.
  2. Run Google’s Security Checkup to see what programs and add-ons have been granted access to your account. Look for an app called Google Docs, and remove it. It’s not really Google Docs and if you accidentally remove something you need, you can always grant access to it again the next time you attempt to open a legitimate Google Doc.

Once again, don’t open ANYTHING, even an email, from someone you don’t know or recognize and definitely don’t click on any links in emails from people you don’t know or aren’t familiar with why you were sent the message.