Did someone share a Google Doc with you? If yes, you might be one of the millions of internet users who fell victim to this scam campaign.In the last few days, a lot of people received emails from their contacts with a seemingly normal and legitimate invitation to view a Google document which says that the person [sender] "has shared a document on Google Docs with you." It might even appear to have been sent from one of your known friends, family members, or colleagues – lulling you into a false sense of security.Once the link is clicked, you will be redirected to a page which says, "Google Docs would like to read, send and delete emails, as well access to your contacts," asking your permission to "allow" access. Seems normal right? Google often asks for these types of permissions in other areas, plus the window kept the same theme of the typical Google Permissions request.But, here is the catch. It’s a fake app! The app, Google Docs, is actually a guy named Eugene Pupov trying to trick you. Click the blue “Google Docs” link to get more info on the app:
Since the app will allow access to “manage your contacts” and “read, send, delete, and manage email”, it gives the attacker full access to your Inbox. It also allows the attacker to propagate the scam by sending the same email to all of your contacts.In short, anything linked to a compromised Gmail account is potentially at risk and even if you enabled two-factor authentication, it would not prevent hackers from accessing your data (since you gave them direct access through permissions).
Now, What do you do if you've already fallen, victim?
If you fell victim to this scam, then you need to remove permissions given to the app.
- Go to your Gmail accounts permissions settings at https://myaccount.google.com and Sign-in.
- Go to Security and Connected Apps.
- Search for "Google Docs" from the list of connected apps and Remove it. It's not the real Google Docs
Though these types of scams can be scary, don't loose hope. Stay informed and keep your guard up. If you're suspicious of the invitation or attachment in an email, just ask the person who sent it if it is actually something you are supposed to open. If they don't know what you're talking about then just delete the email and save yourself trouble down the road.I hope this information helped you. Thanks and good luck.