Massive Google Docs scam roils users in US, elsewhere

By Barry Eitel

SAN FRANCISCO

Emails sent to Gmail users says friend wants to share Google Doc, but program steals user information

AA-Scammers tried to steal users personal information Wednesday by impersonating popular online word processor Google Docs.

The scam is known as phishing and revolves around a hacker posing as a legitimate service in an attempt to fool unsuspecting users into thinking they are inputting their personal information like phone numbers or passwords on the site.

In the Google Docs scam, victims received an email that said an acquaintance wanted to share a Google Doc. If the link was clicked, the user was directed to a web page that asked for log-in information that looked like an official Google page. If the account information was entered, hackers would instantly have access to all of the user’s Google accounts.

Reports of the scam were first reported around 2.30 p.m. Eastern time (1830GMT) and Google said the issue was resolved about 30 minutes later.

“We are investigating a phishing email that appears as Google Docs,” the Google Docs team tweeted. “We encourage you to not click through & report as phishing within Gmail.”

The scammers built an app inside Google that collected the victims’ information. The app was confusingly named “Google Docs” to avoid raising eyebrows. In order to quickly solve the issue, the company simply revoked the deceptively-titled app.

It is unclear how much damage the program caused but the response on Twitter and elsewhere online suggests the scam was widespread. Gmail has about 1 billion users worldwide, Google revealed last year.

Security experts recommend Gmail users delete emails that ask them to click on a shared Google Doc. If the account information was inputted, users should check authorized apps at myaccount.google.com/permissions.

If Google Docs is one of the apps, users should immediately revoke permission for the app and change passwords.