On May 3, a large phishing campaign launched targeting Google Docs users. Users reported receiving a phish email disguised to look like a request to view a Google Docs file.
The phish resembles the sample below:
Bcc: [your email address]
Subject: [Name] has shared a document on Google Docs with you
[Name] has invited you to view the following document:
Open in docs
Note that this email is sent to a suspiciously-named account, firstname.lastname@example.org, and not directly to the person receiving the shared document, as is standard when sharing Google files.
If followed, the link in the email would lead to a malicious web application disguised as a Google Docs interface, which would attempt to gain permissions to access the user’s Gmail account and Google contacts list. The application would then send the same email to everyone in the user’s contact list.
If you have received this phish, delete the email and do not click the link. If you have clicked the link, please change your Google password immediately.
For more information about this phishing campaign, see:
As a standard security practice, you should avoid opening any attachments or clicking any links in emails you are not expecting.