New Google Docs Phishing Emails


Opening up an "Invitation to edit" email today from Google Docs may be a phisihing email in disguise. 

If someone invites you to edit a file in Google Docs today, don’t open it — it may be spam from a phishing scheme that’s been spreading quickly this afternoon. As detailed on Reddit:

The spam email:

  • Uses the existing Google login system
  • Uses the name "Google Docs"
  • Is only detectable as fake if you happen to click "Google Docs" whilst granting permission
  • Replicates itself by sending itself to all your contacts
  • Bypasses any 2 factor authentication / login alerts
  • Will send scam emails to everyone you have ever emailed

What is Phishing? 

Criminals send out a wave of spam email. Each email contains a message that appears to come from a well-known and trusted company. Usually the message includes the company's logo and name, and it often tries to evoke an emotional response to a false crisis. Couched in urgent, business-like language, the email often makes a request of the user's personal information. 

Related: Microsoft Warns of Tax Themed Cyber Attacks

This attack targets uses a real Google sign-in screen, then asks users to “continue to Google Docs.” This grants permissions to a (malicious) third-party web app that’s simply been named “Google Docs,” which gives phishers access to your email and address book.

The difference between this and a very simple email phishing scheme is that this doesn’t just take you to a bogus Google page and collect your password — something you could detect by checking the page URL. It works within Google’s system, but takes advantage of the fact that you can create a non-Google web app with a misleading name. Here’s what the permissions screen looks like, for example:


 Screenshot from


Protect your Organization & Identify Breaches before they cause damage.
The Enterprise Mobility Suite (EMS) is an all encompassing security solution, that allows you to use Microsoft's products closely together to fully manage your user's; identities, how they log into your services and the devices they use. Download our Webinar Here


Leave a Comment