Email invite to Google Docs infects Google suite users

We received reports from different users regarding a scam email they received from others. This seems to be a test script that can have a much bigger effect and load in the future. The scam email comes as an invitation to a shared document using Google Docs from a familiar sender.

Here’s how it happens: the unsuspecting user clicks on the shared Google link, which requests access to the user’s email and contacts. Once the user clicks OK, it automatically sends the same message to all of the user’s contacts from the user’s own email account, and so it spreads fast. Google Drive ran into some difficulties today (May 3rd, 2017), which I suspect is related to this incident. Our support staff contacted Google Support, and after waiting on the line for at least 30 minutes, they acknowledged that their engineers were working on a fix.

A sample of the scam email:

What to do if you were affected by this?

  • If you hit Allow, your contacts have most likely already received the scam emails. The first thing to do is revoke the app’s access to your Google Docs: go to https://myaccount.google.com/permissions to revoke the app’s access.
  • Notify your contacts of this issue so they don’t keep spreading this email to their own contacts if they are on Google mail.
  • Notify your support staff to review their security settings, and to scan through their managed API to ensure nothing was added there.
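
For the support-staff review in the last step, one way to scan an export of users' OAuth grants for unapproved apps that hold both mail-sending and contacts access, written as an added example that is not part of the original post. The record fields follow the shape of Google's Admin SDK token listing (`clientId`, `displayText`, `scopes`, `userKey`); the sample records, client IDs and approved list are constructed assumptions.

```python
from collections import defaultdict

def _norm(scope):
    # Scope strings appear with and without a trailing slash.
    return scope.strip().rstrip("/").lower()

# Google OAuth scopes that let an app send mail as the user.
MAIL_SCOPES = {_norm(s) for s in (
    "https://mail.google.com/",
    "https://www.googleapis.com/auth/gmail.send",
    "https://www.googleapis.com/auth/gmail.compose",
    "https://www.googleapis.com/auth/gmail.modify",
)}
# Google OAuth scopes that expose the user's contact list.
CONTACT_SCOPES = {_norm(s) for s in (
    "https://www.googleapis.com/auth/contacts",
    "https://www.googleapis.com/auth/contacts.readonly",
    "https://www.google.com/m8/feeds",
)}

# Assumption: client IDs your organisation has reviewed and approved.
APPROVED_CLIENTS = {"approved-crm.example.apps.googleusercontent.com"}

# Constructed sample grants, one record per (user, app) token.
SAMPLE_GRANTS = [
    {"userKey": "alice@example.com", "clientId": "unknown-1.example.apps.googleusercontent.com",
     "displayText": "Shared Document Viewer",
     "scopes": ["https://mail.google.com/", "https://www.googleapis.com/auth/contacts"]},
    {"userKey": "bob@example.com", "clientId": "unknown-1.example.apps.googleusercontent.com",
     "displayText": "Shared Document Viewer",
     "scopes": ["https://mail.google.com", "https://www.google.com/m8/feeds/"]},
    {"userKey": "carol@example.com", "clientId": "approved-crm.example.apps.googleusercontent.com",
     "displayText": "Approved CRM",
     "scopes": ["https://www.googleapis.com/auth/gmail.send", "https://www.googleapis.com/auth/contacts"]},
    {"userKey": "dave@example.com", "clientId": "calendar-helper.example.apps.googleusercontent.com",
     "displayText": "Calendar Helper", "scopes": ["https://www.googleapis.com/auth/calendar"]},
]

def find_mail_and_contacts_grants(grants, approved=APPROVED_CLIENTS):
    """Return [(client_id, app_names, users)] for unapproved apps holding both
    mail-sending and contacts scopes, most widely granted app first."""
    hits = defaultdict(lambda: {"names": set(), "users": set()})
    for grant in grants:
        if grant["clientId"] in approved:
            continue
        scopes = {_norm(s) for s in grant.get("scopes", [])}
        if scopes & MAIL_SCOPES and scopes & CONTACT_SCOPES:
            hits[grant["clientId"]]["names"].add(grant.get("displayText", ""))
            hits[grant["clientId"]]["users"].add(grant["userKey"])
    rows = [(cid, sorted(h["names"]), sorted(h["users"])) for cid, h in hits.items()]
    return sorted(rows, key=lambda r: (-len(r[2]), r[0]))
```

Each returned row names one app and the users whose grants to it should be revoked; the same app showing up for many users in a short time matches the contact-to-contact spread described above.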