Good afternoon, everyone, the internet is burning down. Or at least that's what it looks like over on Twitter, where many people are reporting that they have received a Google doc phishing scheme link — and that clicking it has led to some less-than-pleasant consequences. If you've seen the reports or are worried you've gotten one yourself, you're probably wondering: what does the Google doc phishing scheme look like? Unfortunately, it is very deceptive looking and easy to fall for — fortunately, enough people are spreading the word that the scam is becoming easier to identify, if you know what to look for.
First thing's first: be wary of any Google docs shared to you today. A Google spokesperson issued this statement to Bustle:
We have taken action to protect users against an email impersonating Google Docs, and have disabled offending accounts. We’ve removed the fake pages, pushed updates through Safe Browsing, and our abuse team is working to prevent this kind of spoofing from happening again. We encourage users to report phishing emails in Gmail.
When you receive the email, it will appear from Google Drive, and look as if someone you know is trying to share a Google doc with you. The Google doc won't be preview-able, and will also have a second email CC'd to it: firstname.lastname@example.org.
Mailinator has also issued a statement on Twitter:
Thank you for all the reports. We're working on it. But remember, Mailinator can't send email. The phishing emails aren't coming from us.
Here is a screenshot a user shared to Twitter showing what the link looks like in your inbox:
The reason it looks like it is coming from one of your contacts is a scary one — once you click the link, not only does it compromise your personal information, but it also sends out emails to people in your address book with the exact same link claiming that it's from you. Essentially, if you accidentally open this link, you should get on social media and let people know not to open any emails from you inviting them to share a Google doc, so it doesn't happen to them, either.
So what exactly should you do if you accidentally click the link, not knowing what it is? First, you should disconnect your Wi-Fi to prevent further phishing. Once you warn people not to open emails from you, change the password to your email, any of your major social media accounts, and any accounts — in particular, online shopping accounts — where your information may be stored. As you can see from this video showing what happens when you click a phishing link, the information is all too easily compromised.
Immediately notify your bank and any credit card companies of the hack, and use malware software like Malware Byte to see the extent of the phishing and understand what steps to take next. Stay safe out there, internet dwellers! Keep your personal Gdoc links close, and keep your passwords even closer.