Alert

Google Doc Gmail Phish

Updated

A group of malicious actors are currently exploiting a Google vulnerability to send out a mass volume of phishing emails messages, exploiting the Google Docs invitation mechanism. Many of you may have received an email containing what looked like a link to a Google doc that appeared to come from someone you may know.

This issue is currently affecting all Google users worldwide. These emails were designed to hijack your account through a malware infection or other method that can compromise your computer.

To view a copy of the email and what it may look like, visit our phishing page at https://www.it.ucla.edu/security/alerts/phishing-scams/google-doc-gmail-phish.

If you receive an email to your Enterprise Messaging account with the subject line "(name) has shared a document on Google Docs with you," DO NOT click on the "Open in Docs" link within the email message.  

If you receive an email to your Google Mail account with the subject line "(name) has shared a document on Google Docs with you," DO NOT click on the "Open in Docs" link within the email message.

The (name) component of the subject line may be someone you recognize from UCLA, someone in your contacts, or possibly someone that you don't recognize. Regardless, you should NOT open these email messages.

If you have already clicked on the phishing link and granted permissions, you can remove permissions for the fraudulent "Google Docs" app from your Google account.  Remove these permissions as follows:

  • Go to your Gmail accounts permissions settings at https://myaccount.google.com and sign in.
  • Go to Security and Connected Apps.
  • Search for "Google Docs" from the list of connected apps and Remove it. It's not the real Google Docs.

Please contact your departmental Help Desk if you have already opened one of these emails and clicked on the link so that they can assist you in getting your computer repaired.

Fixes are also in both articles below.
 
https://motherboard.vice.com/en_us/article/massive-gmail-google-doc-phishing-email
 https://wp.nyu.edu/itsecurity/2017/05/03/widespread-phishing-attack-on-google-docs/