The scam involves an email that is sent from an account asking to share what appears to be a Google Doc with the recipient. Upon clicking the “open” button, recipients are asked to input their password.
If you received this email, do not open it.
The “Google Doc” is fake, and once a password is submitted, the victim’s real Google Docs page and email account become vulnerable.
“We’ve removed the fake pages, pushed updates through Safe Browsing, and our abuse team is working to prevent this kind of spoofing from happening again. We encourage users to report phishing emails in Gmail,” Google said in a statement on their Google Docs Twitter account.
Individuals who received the email can report the phishing attempt to Google at this link.
If you already input your password into the fake “Google Doc,” there is something else you can do. Click here to see apps connected to your Gmail account. If you see “Google Docs” on that list, delete it — it’s associated with the fake “Google Doc,” not the real Google Docs program, which does not need this permission to function.