Did someone share a google docs with you ? If yes then you may well be one of the millions of internet users who became a victim of this scam campaign.
In the last few days a lot of people are getting emails from people they know with a regular invitation to view a Google document which says that the person [sender] “has shared a document on Google Docs with you.” It might even appear to have been sent from one of your known friends, family members, or colleagues – lulling you into a false sense of security.
Once you clicked the link, you will be redirected to a page which says, “Google Docs would like to read, send and delete emails, as well access to your contacts,” asking your permission to “allow” access.
Now here is the catch. It’s a fake app that is named Google Docs, but it’s actually a guy named Eugene Pupov trying to trick you. Click the blue “Google Docs” link to get more info on the app:
Since the app will allow access to “manage your contacts” and “read, send, delete, and manage email”, it gives the attacker full access to your Inbox. It also allows the attacker to propagate the scam by sending the same email to all of your contacts.
In short, anything linked to a compromised Gmail account is potentially at risk and even if you enabled two factor authentication, it would not prevent hackers to access your data.
What to do if you’ve already fallen victim
- Go to your Gmail accounts permissions settings at https://myaccount.google.com and Sign-in.
- Go to Security and Connected Apps.
- Search for “Google Docs” from the list of connected apps and Remove it. It’s not the real Google Docs
