Have you gotten an email today (or perhaps several), saying that someone from your contacts list shared a Google document with you? Think twice before opening it or clicking the link to access the doc.
A number of people have been victims of an apparent phishing attempt (where hackers try to get you to click on sketchy links) by an unknown organization starting around 11:30 am PT today.
At least some of the emails are addressed to "firstname.lastname@example.org" and appear to place the intended target in the BCC field. The subject line reads "[someone in your contacts] just shared a Google Doc with you," imitating the way Google emails appear when people share Google documents with one another. In this case, the app distributing the emails is a replica of the real Google Docs app.
If you click on the fraudulent link within the email, it will take you to a real Google page asking for widespread permissions across your Google accounts, which, if granted (don't), would give the attackers access to the vast amount of personal data stored on your Google accounts. For now, it doesn't seem like the hack can access this information unless you give it permission; however, if you open the link, it does seem to forward the email to everyone on your contact list.
A Google spokesperson said in a statement that the company has disabled the accounts where the hack originated: “We’ve pushed updates through Safe Browsing, and our abuse team is working to prevent this kind of spoofing from happening again. We encourage users to report phishing emails in Gmail.” The company did not specify where the attack came from or how many people were affected.
In a second statement to BuzzFeed News Wednesday night, Google said the attack "affected fewer than 0.1% of Gmail users." There are reportedly more than 1 billion Gmail users, meaning the attack affected fewer than 1 million accounts.
The company responded to the attack with a "combination of automatic and manual actions."
"We were able to stop the campaign within approximately one hour," the statement added. "While contact information was accessed and used by the campaign, our investigations show that no other data was exposed."
If you try to click on the link to the suspicious Google Doc now, you may see a screen saying "We're sorry...but your computer or network may be sending automated queries. To protect our users, we can't process your request right now."
The attack hit an unknown number of employees within BuzzFeed and seems to also target people outside of the organization, including school districts and universities.
Some federal agencies including the United States Geological Survey and contractors for the United States Agency for International Development have been affected by the hack, according to people working at those agencies.
If you search "shared a doc" on Twitter, the results keep piling up.
Here's what to do if you did click the link to the suspicious Google Doc:
- Go to the google security checkup and go through the checklist.
- Pay close attention to the Account Permissions section. Check for "Google Docs," and remove it. It's not the real Google Docs.
Blake Montgomery is a reporter with BuzzFeed News and is based in San Francisco.
Contact Blake Montgomery at email@example.com.
Got a confidential tip? Submit it here.