Google Docs Email Phishing Scam Fix: How It Works and What to Do About It

UPDATE: Google has confirmed it has now fixed a phishing attack, where a sophisticated attacker was able to obtain contact lists, and access Gmail accounts to spread spam messages widely.

Google has taken action to protect users against an email impersonating Google Docs, and have disabled offending accounts. Google removed the fake pages, pushed updates through Safe Browsing, and Google’s abuse team is investigating and working to prevent this kind of spoofing from recurring.

+ + + + +

A new, but old-fashioned, phishing scheme is making the rounds on the Internet via email. People have received emails from an unknown contact that states the unknown contact “has shared a document on Google Docs with you.” If the recipient clicks the link, a page appears that asks for a your password. When the victim clicks the link, the victims is taken go to Google’s real login page, unlike many other phishing scams, which take victims to a fake log-in page (such as a fake bank site). After the Google Docs phishing victim logs in to their real Google page, they’re redirected to a malicious third-party site. The page, which may look like an official Google docs or cloud-related page, asks the victim to grant it permission to access the victim’s email account.

If victims don’t realize they’ve been redirected to a non-Google site, they inadvertently give hackers the ability to read their emails and send out emails on their behalf. Malicious software then accesses the victim’s address book and sends out more phishing emails to more victims with more phishing attempts.

Google users should be extra cautious during the next several days and weeks. It would be a good practice to double check with the sender by phone call or Facebook to confirm that they sent you an email related to a Google doc — just to make sure you don’t become a victim or miss an authentic sharing of a Google document. If a known contact has become a victim, a phishing email scam could originate from their email account, so don’t give complete trust to a known contact.

Never give a site extra permissions to control your email, even when the source is a known contact. A real Google Doc doesn’t need to ask for email control permissions.

Changing your Google password won’t protect you in this phishing scam case. Phishing victims that have been completely snagged need to revoke the permissions they unwittingly gave to the malicious app that would take over the victim’s account. To do that, victims need togo to the Google app permission page and look for the app called “Google Docs” — it’s not the real Google Docs service. Victims must click on that app, and then click “Remove.”


Mobile Wi-Fi, networking and cellular technology solutions business “” recommends the following step-by-step instructions for a fix, including deleting any emails that fit the following description:

“NAME OF CONTACT” has shared a document on Google Docs with you.” — especially, but not exclusively, from a contact you don’t know.

If a victim has already received one of these emails and clicked on the link, the phishing victim should follow these steps:

1. Go to

2. Click the text link “Connected Apps and Sites”

3. Select the text link “Manage Apps”

4. If an option for “Google Docs” appears (it’s fake), click it and click remove. Click “OK” to confirm.

Victims should remember to delete any emails that might contain the Google doc phishing scam, so they don’t accidentally open the email again, which would start the malicious process all over again.

Get updates from The Cardinal ALL NEWS FEEDS on Facebook. Just ‘LIKE’ the ‘Arlington Cardinal Page (become a fan of our page). The updates cover all posts and sub-category posts from The Cardinal — You can also limit feeds to specific categories. See all of The Cardinal Facebook fan pages at …

Help fund The Cardinal