Advertisement

Google Docs phishing email forces Google to issue warning on Twitter

This Wednesday, April 26, 2017, photo shows the Google mobile phone icon, in Philadelphia. Alphabet Inc., parent company of Google, reports financial results, Thursday, April 27, 2017. .
This Wednesday, April 26, 2017, photo shows the Google mobile phone icon, in Philadelphia. Alphabet Inc., parent company of Google, reports financial results, Thursday, April 27, 2017. . AP Photo/Matt Rourke

A phishing email spread so quickly Wednesday, it forced Google to issue a warning on Twitter about opening Google Docs.

“We are investigating a phishing email that appears as Google Docs. We encourage you to not click through & report as phishing within Gmail,” the company explained on Twitter.

This particular email could seem innocuous enough as it may come from someone you know, as Reddit user JakeSteam explained.

“I received an email that a Google Doc had been shared with me. Looked reasonably legit, and I recognized the sender,” he wrote.

But a closer look shows that the email wasn’t sent by a contact, but by an automatically-generated email, such as hhhhhhhhhhhhhhhh@mailinator.com.

He went on to explain that although the email itself looked legitimate, the URL attached to the document seemed “off” somehow.

Story continues below advertisement

WATCH: Google apologizes to ad clients for YouTube content fiasco

Google apologizes to ad clients for YouTube content fiasco
Google apologizes to ad clients for YouTube content fiasco

JakeSteam explained If you were to click, you are taken to a legitimate Google screen which will ask you to allow Google Docs to access your Google account.

“If I click ‘Google Docs,’ it shows me it’s actually published by a random gmail account, so that user would receive full access to my emails [and could presumably therefore perform password resets etc],” he wrote.

The virus then appears to send the email to all of your contacts, and possibly, everyone you have ever contacted.

“This is a very serious situation for anybody who is infected because the victims have their accounts controlled by a malicious party,” said Justin Cappos, a cyber security professor at NYU Tandon School of Engineering.

Cappos said he received seven of those malicious emails in three hours on Wednesday, an indication that the hackers were using an automated system to perpetuate the attacks.

He said he did not know the objective, but noted that compromised accounts could be used to reset passwords for online banking accounts or provide access to sensitive financial and personal data.

Tom Warren of the Verge explains how to delete the virus from your account.

–  With files from Reuters

Story continues below advertisement