SAN FRANCISCO — Google is warning users to beware of a phishing scam spread by a fraudulent invitation to share a Google Doc.
According to online reports — in particular, a detailed user thread on Reddit — clicking on the share link was taking users to a site that asked permission for a fake app calling itself “Google Docs” to access their accounts. If they agreed, the app would then send additional phishing emails to the users’ contacts.
Google says it has disabled offending accounts, removed fake pages and updated its Safe Browsing feature, which issues warnings when users visit dangerous sites. It encourages affected users to run its security check feature.
One telltale sign: The attack email appears to be directed to the address firstname.lastname@example.org, and only blind copied to the recipient.