Google Doc Phishing Email Information

Google Doc Phishing Email Information and Prevention

Overview

A recent sophisticated Google Doc phishing email hit the entire internet and stated that someone shared a Google Doc with you. Unlike past Google Doc phishing emails, this one did not install any malicious software when the user clicked the "Open in Docs" button. Instead, it asked for permissions to gain access to your Google account. 

The email was made to duplicate an actual email that is sent when you share a Google Doc with someone. The only difference is the "To" field that contains a suspicious @mailinator recipient (see image below).

Google Phishing Email

What to do next

In this instance, Google acted quickly to take all necessary precautions to protect users. "On Wednesday, May 3, we identified, investigated, and resolved an email phishing campaign that affected some accounts in your domain. This issue was addressed within approximately one hour from when Google became aware of it. Please note that we have already taken action to protect all users, and no further action is necessary." 

What to do if the email reappears in the future

If you clicked on the "Open in Docs" button and granted access to the third party app, you will need to use this link (https://myaccount.google.com/permissions) and remove authorization to any unrecognizable app. After removing access, you will also need to change your FSmail password.

Apps that are granted access by users, to their Gsuite accounts, cannot be subsequently denied access with a password change.  The technology used to allow these apps access to your account is specifically designed so that the app does not have to have your password to access your account in the first place. Use discretion when granting access to apps that ask to integrate with your Gsuite (formerly Google Apps). If you do allow this access on occasion, we recommend using a personal Gmail account, not your Bradley account.