Google Docs Imposter

Computer security

The latest Malware Scam you may not have heard of

Google Docs is a great way to document share for individuals and businesses alike. With the click of your mouse, you can send an email directly to a recipient you want to share a document with, giving them the capability to view, edit, and download documents all from their internet connection. Some businesses get so accustomed to clicking links to “Open in Docs” that they wouldn’t even think twice about clicking on a potentially malicious link in doing so.

Beginning this month, there have been malware attacks reported that transfer in exactly this manner. This phishing email presents itself in the form of one of your contacts sharing a Google Doc with you. If tricked by this (and many, many people already have been), it will blast the same bait to everyone on your contact list.

Here’s what we know so far:
  • Clicking the link takes you to a real Google-hosted page, with a list of your Google accounts ready to click
  • It asks you to select an account and provide an app called “Google Docs” — yes, they were somehow allowed to name a third-party app “Google Docs” — with account permissions
  • As soon as you click the “ALLOW” button, this not-at-all-actually-Google Docs app now has permission to read your emails and email all your contacts… the latter of which it’ll start doing pretty much immediately, spreading the worm to pretty much everyone you’ve ever emailed.

If you have any suspicion that you may have been fooled by this type of malware, it’s pretty easy to check. Check your Google account’s app permissions. There shouldn’t be an app called “Google Docs” there — actual Google Docs has access to your account by default. If you see it listed there, remove it by tapping the label and hitting “Remove”.

Keeping yourself and your staff informed about these types of sneaky viruses could save your business downtime and money in the future! Before sending any Google Docs invitations in the near future, be sure to inform the recipient outside of email that you’ll be sending the request, so they know that it’s legitimate. In any situation where you’re less than 100% certain of the sender, always question links before you click, and don’t hesitate to call ACM for any questions. Our technicians are happy to walk you through any situation to make sure you don’t fall victim to a phishing scam.