Even attachments from legitimate sources appear to contain illegitimate vibes.
5:15 ET From Google:
We have taken action to protect users against an email impersonating Google Docs and have disabled offending accounts. We’ve removed the fake pages, pushed updates through Safe Browsing, and our abuse team is working to prevent this kind of spoofing from happening again. We encourage users to report phishing emails in Gmail.
After looking at a few of these and seeing investigations from others on Twitter, we have a clearer picture of what’s happening.
It appears that a third party developer has created a service that uses your Google login to authenticate. Somehow this service was able to use the name Google Docs. Attachments that need you to authorize this service are being sent using previously phished Google accounts, and upon clicking you’ll be asked to give access to things like reading and sending an email (so more phishing emails can be sent) as well as access to your account. While this should be a huge red flag to anyone, it’s likely working well for the people doing the account phishing.
The original post is below.
Have you checked social media lately? There’s a bit of buzz making the rounds about Google Docs spam popping up in people’s inboxes. The spam comes as an email attachment from even the most legitimate Google Docs users, including educational institutions and other professional organizations that rely on the document-storing cloud service.
MASSIVE phishing attempt via @Google Docs going on right now!! If you get invited to open a doc, DON’T CLICK IT!
— Chad Wingerd (@chadwingerd) May 3, 2017
I just got an email from my daughter’s school, with malware embedded in a Google Doc. I can’t help but like Google even less now.
— Vernon E. L. Smith (@VernonEL) May 3, 2017
Here’s your official public service announcement to please check the attachments before you open them; Check the address of the person who sent it, and maybe even give the person a call to ask if they sincerely meant to send along a PDF.
There are very few details about what the malware contained actually does and where it originated, but we’ve reached out to Google for more information.