Skip to main content
Updated:
Original:

If you get an email about Google Docs, don't click it

It'll send a scam email to everyone you've ever emailed.

If someone really wants you to check out something on Google Docs, you shouldn't click the link – especially if you weren't expecting the email.

A bunch of emails are going around inviting people to view something on Google Docs, but it turns out it's probably a scam used to disguise a malware email. Redditor JakeSteam laid out what happened to him, noting the email looked legit – it even appeared to be from someone in his contacts.

JakeSteam says when you click on the fake Google Doc link, you're taken to a Google page where you're asked to pick an account. Then you're taken to a new page that asks you to allow Google Docs to access the account.

If you click allow, you're giving this fake Google Docs permission to read, send, delete and manage all your emails and contacts, and then it sends these scam emails to everyone you have ever emailed.

That's why the scam is spreading so quickly. It was trending on Twitter Wednesday afternoon, with people tweeting screen shots of the "sophisticated" phishing email, which doesn't seem to be blocked by spam filters.

It happened to one of our producers too. Within 9 minutes, he got three phishing emails – one on his Gmail account, and two on his work email (see the photo at the top of the page for what one of them looked like).

Mashable has a few tips to help you spot the fake Google Docs email. One of them is the scam emails are being sent from "hhhhhhhhhhhhhhhh@mailinator.com" – you can see this if you expand the sender details.

But if you've clicked through the link, you've already spammed everyone you've ever emailed. However, The Verge says you can revoke future access via Google's “Connected Apps and Sites” page.

The Atlantic says this scam is tricky because it's moving so quickly and because it's not clear what it's trying to do. Phishing emails are usually used to gain access to a person's email or accounts, but the publication says the motivation behind this attack isn't yet known.

In a statement to GoMN, Google said:

"We have taken action to protect users against an email impersonating Google Docs, and have disabled offending accounts. We’ve removed the fake pages, pushed updates through Safe Browsing, and our abuse team is working to prevent this kind of spoofing from happening again. We encourage users to report phishing emails in Gmail." 

For tips on how to stay safe from scam emails like this, click here. And a good rule of thumb is if something asks for a bunch of permissions – like the ability to read, send and manage all your emails and contacts – it's best to not give it permission, The Verge says.

Next Up

mpd aldi incident screengrab

Video shows MPD officer grab, throw Aldi customer

The department says the matter was referred to the Office of Police Conduct Review.

US Sec Defense Flickr - Joe Bide Nov 11 2021

Biden lays out wintertime plan to curb COVID's spread

It comes as the U.S. reported its second case of the omicron variant.

Willow River DOC

MN Dept. of Corrections offering $5K bonuses as it seeks to hire 200

The DOC is offering hiring bonuses for new employees and for referrals.

covid

3rd federal medical team to join COVID-19 fight in Minnesota

There are more than 1,500 people with COVID-19 admitted to Minnesota hospitals.

hospital, emergency room

Driver killed after other motorist crosses into opposite lane

The head-on crash occurred early Thursday, just north of the Twin Cities.

shot clock

MSHSL approves shot clock for Minnesota varsity basketball

Shot clocks will be required at all varsity games beginning in 2023-24.

Redmons Popcorn Colbert screengrab

Popcorn shop featured on 'The Late Show' has to close 2 days later

A county inspection after the national TV appearance found code violations.

covid, vaccine

Minnesotan infected with omicron was vaccinated, had booster shot

The Hennepin County man received his booster shot in early November.

Related

If you don't pay for Spotify, you might not get some new albums for 2 weeks

Some Universal artists will be able to make their albums available only for Spotify Premium users for two weeks.

If you don't pay for Spotify, you might not get some new albums for 2 weeks

Some Universal artists will be able to make their albums available only for Spotify Premium users for two weeks.

Google is going to stop scanning your emails to target you with ads

Didn't know Google has been doing this? It's been going on a long time.

Watch out for this Netflix 'payment declined' phishing email scam

The message looks legitimate, and tries to trick users into giving up credit card info,