If you’ve recently received a Google Docs email from a contact that you know, you might want to clarify with them if they really sent it to you. This is because according to reports, a number of users have been receiving such emails but in reality, these are phishing scams that have disguised themselves to look like a Google Docs invite email.
Clicking on the button that says “Open in Docs” takes users to the official Google dialogue box that will grant third-party apps permission to access your account, and it will also ask for permission to “Read, send, delete, and manage your email” and “Manage your contacts.” Should you somehow fall for this scam, this app will then take over your account and use it to send more similar phishing scams to your contacts, which is probably how it plans to spread.
We are investigating a phishing email that appears as Google Docs. We encourage you to not click through, & report as phishing within Gmail.
— Gmail (@gmail) May 3, 2017
In a statement made to 9to5Google, Google said, “We have taken action to protect users against an email impersonating Google Docs, and have disabled offending accounts. We’ve removed the fake pages, pushed updates through Safe Browsing, and our abuse team is working to prevent this kind of spoofing from happening again. We encourage users to report phishing emails in Gmail.”
The publication also noted that Gmail’s spam filters are already marking these messages as spam, so you should not even see them in your inbox to begin with, but if you do, like we said you’ll want to clarify it with the sender before clicking on it.