04 May 2017

Google Docs phishing attack

Over the past few days, an international phishing campaign targeting Gmail users has been underway.

Many Gmail users are receiving an invitation to join a Google Doc from a friend in their contacts list. This link directs the user to google.com, while also giving the attacker access to the user's email inbox. This allows the attacker to read, send and delete emails, and communicate with the user's contacts. Google has since disabled this attack, though thousands of people have reported clicking on the link already.

What to do


If you've clicked on a link like this, or think that you may have been affected, CERT NZ recommends that you follow these steps, as provided by Recode.net. 

  1. Go to your Google account management page. 
  2. If you see an app called Google Docs, click on it to revoke permission for the app to access your account.
  3. Change your password, just to be safe.
  4. Enable two-factor authentication on your account as an extra precaution. Two-factor authentication gives you the option to have a code sent to another device, like your phone, that you can use to authenticate who you are when you login. That way, only a person with both your password and the code can access your account.

Read the Recode.net report

Many sites are reporting that it's fine to use Google Docs, as that wasn’t actually compromised. Google have stated that "We have taken action to protect users against an email impersonating Google Docs, and have disabled offending accounts. We’ve removed the fake pages, pushed updates through Safe Browsing, and our abuse team is working to prevent this kind of spoofing from happening again."

More information

If you require more information or further support, submit a report on our website or contact us on 0800 CERTNZ.

Report an incident to CERT NZ