Advertisement

Widespread Google Docs spam is a phishing scam

Credit: MGN
Credit: MGN(WITN)
Published: May. 3, 2017 at 2:43 PM CDT
Email this link
Share on Pinterest
Share on LinkedIn

If you receive an email saying a document on Google Docs was shared with you, DO NOT OPEN IT.

Our newsroom receiving dozens of emails from people sharing a document on Google Docs with us starting after 1 o'clock Wednesday afternoon. Normally, a document being sent to a news organization isn't suspicious, but the sheer number of them coming within minutes of each other shouted "spam."

We found local county governments, school districts, private businesses and personal email accounts receiving the same emails. Then we heard warnings from all over the country, from universities, sporting organizations and others.

Alerts are being shared on social media all over the country: "Do not open these emails. Delete them."

The emails appear to be from legitimate email addresses, maybe someone you know. They were probably on the contact list of a victim whose account was compromised.

The To: address is "hhhhhhhhhhhhhhhh@mailinator.com."

The link in the emails direct you to a website which says it's Google.com. You're asked to give permission to Google Docs to manage your emails and your contacts.

These emails appear to be a phishing scam. By giving your permission, a script begins running in the background and you've given up the keys to your Google account to people or groups unknown.

We've seen several reports of people saying they were shut out of their accounts. Some on Reddit report having their emails or documents deleted while their contact list is hijacked.

So far it doesn't appear any specific institutions were the target.

"It appears to be a denial of service attack -- simply somebody trying to bring the internet down, cause disruption and make trouble for people. It's not, so far as we can tell, not causing any serious damage to computers. It's just spreading quickly and a nuisance," Anne Milkovich, Chief Information Officer for UW-Oshkosh, said.

Google says it has disabled offending accounts, removed fake pages and updated its Safe Browsing feature, which issues warnings when users visit dangerous sites. It encourages affected users to run its security check feature.

If you opened one of these emails:

1. Change your Google account password immediately. Consider enacting two-step verification, which requires you to use both a password and a code number to log in to your account.

2. Go to "My Account" and remove Google Docs access. If caught in time, this should stop a malicious script from running on your Google account. You're only removing permission for the malicious app, not Google's platform.

3.

. Cyber security expert Curt Esser of Esser Consulting in Appleton also says you should run a virus scan on your devices. He added,"They could steal any email, access any emails which if it's tied into any accounts, financial accounts, any website accounts, anything else there, they could in effect take that over as well."

4. Esser further advises if you think spam was sent to people on your contact list, send an email to everyone on your list letting them know to delete the Google Docs email so they do not click on it.

While the Google Docs spam is now widespread, some local schools and institutions initially thought it was affecting their community. They sent warnings to students and parents:

 If you opened one of these emails:

1. Change your Google account password immediately. Consider enacting two-step verification, which requires you to use both a password and a code number to log in to your account.

Set up Google 2-step Verification

2. Go to "My Account" and remove Google Docs access. If caught in time, this should stop a malicious script from running on your Google account. You're only removing permission for the malicious app, not Google's platform.

See your Google permissions

3. Cyber security expert Curt Esser of Esser Consulting in Appleton also says you should run a virus scan on your devices. 

Perform a Google security checkup

4. Esser further advises if you think spam was sent to people on your contact list, send an email to everyone on your list letting them know to delete the Google Docs email so they do not click on it.

Latest News

Latest News