Why Security Experts Are Telling Gmail Users Not to Click That Link

May 3rd 2017

Kyle Jaeger

Wait, don't open that email.

If you received an email Wednesday that says a contact  "has shared a document with you on Google Docs with you," delete it. There's an apparent scam going around that's affecting Gmail accounts nationwide.

It's not an actual Google Doc. Someone seems to have created an app that's called "Google Docs," and when you click the link included in the email, it requests that you give the app permission to access your Google account.

It's unclear if the scam is meant to steal your personal information or implant malware on your computer (or both), but according to the Internet Storm Center it's being used to "further distribute phishing e-mails."

Google Docs became the top trend on Twitter shortly after the phishing attack was launched.

Several tweets indicated the phishing attack may be targeting media organizations.

If you did open the email, cyber security experts recommend changing your password immediately — and turning on "two-step" verification, so that logging in will require typing in a code you receiving in a text message.

"We have taken action to protect users against an email impersonating Google Docs, and have disabled offending accounts," a Google spokesperson said in a statement emailed to ATTN:. "We’ve removed the fake pages, pushed updates through Safe Browsing, and our abuse team is working to prevent this kind of spoofing from happening again. We encourage users to report phishing emails in Gmail."

UPDATE 2:40 p.m. PST: This article has been updated to include a statement from Google.