The Google Docs phishing scam is spreading like wildfire. Even though Google is taking action to try and mitigate this, be wary of Google doc invites for now.
Here’s what seems to be happening:
- Clicking the link takes you to a real Google-hosted page, with a list of your Google accounts
- It then asks you to select an account and provide an app called “Google Docs”
- As soon as you click allow, the app now has permission to read all your email and access your account information.
- The scam can spread to almost everyone you have emailed as well
How do you know if you have been hit?
Check your Google account’s app permissions. There should not be an app called Google Docs there since the real Google Docs has access to your account by default.
How do I fix this?
Simply remove the app by tapping the label and hitting “Remove”.