The Independent's journalism is supported by our readers. When you purchase through links on our site, we may earn commission. 

Google phishing attack: How to stay safe online and what to do if you open a scam email

Anyone who uses Gmail or Google Docs might be a victim

Andrew Griffin
Wednesday 03 May 2017 21:38 BST
Comments
(Stephen Lam/Getty Images)

Your support helps us to tell the story

From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.

At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.

The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.

Your support makes all the difference.

A malicious and smart scam is spreading like wildfire across the internet, infecting computers and compromising people's safety.

The Google phishing scam relies on an email that looks to be from the company, coming through Gmail and relating to Docs. But in fact it is the work of an unknown scammer who is using the attack to take control of people's emails accounts and maybe their most personal data.

It all relies on clicking on a link from an email that seems to have been sent by a friend. Anyone who has clicked on a Google Doc link recently could be a victim of the attack.

If you haven't yet clicked the link

First, it's worth making sure you haven't. If there's any chance that you might have done – which is to say, if you've opened any Google Docs links recently – then you should assume that you might be affected and follow the relatively simple steps below.

But if you definitely haven't, then the main thing to do is to remain vigilant.

First, don't click on any Google Docs links that you're not absolutely certain are legitimate – confirm through some other means with the person sending them that they intended to. If you don't ever click on such a link, then you can't fall victim to one.

And make sure that everyone else you know is vigilant about such scams, too. Also remember that if they are, they probably won't be opening any Google Docs invites you send them – if you need to share something, either let them know an invite is coming or preferably send it through some other means for now.

If you think you might have clicked the link

Firstly, don't panic. The potential effects of the scam are huge – but it's also relatively easy to undo much of the damage.

If there's any chance that you think you might have been hacked, then follow the steps below. There's no danger done by doing so even if you haven't in fact become part of the attack.

Now head to Google's My Account page, and head to the app permissions options. You'll be looking to remove the very bad but legitimate looking "Google Doc" from having any permissions – if it's there, and has a relatively recent authorised date, then you know that something's up.

Once it's kicked out of your account, the control the scam has over your account will be stemmed – it will no longer be able to read your email or send out the invites.

But its aftereffects may continue. And so you should do what you can to prevent those, too.

First, inform anyone that is in control of your network. In most workplaces and universities hit by the attack – which is targeting corporate email accounts using Google software as well as Gmail ones – there will be someone in IT or the network team who can help and ensure that the institution's computers are kept safe.

Second, get in touch with anyone you think you might have secretly sent the link to and share this article with them, to ensure that they too can stay safe. Don't spam your contacts, of course – but make sure that they are safe.

Join our commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

Comments

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in