Weerapatkiatdumrong via Getty Images
If you received an out-of-the-blue email purporting to share a Google Docs file, you're not alone -- and whatever you do, don't click the link inside. Many people online, including more than a few journalists, have been bombarded with phishing email (currently from a mailinator.com account) that tries to trick you into opening a fake Google Docs link. If you click through and grant a bogus "Google Docs" app access to your Google account, the perpetrators get into your email. And of course, havoc follows after that -- the app spams email to everyone you've ever messaged, and bypasses Google's usual login alerts (including for two-factor authentication).
There have also been reports of Google Drive struggling at the same time, although it's not certain the two are related. Drive was up and running as we wrote this.
It's not certain who's behind the phishing attempt, or just what the fake Google Docs app is doing. We've reached out to Google for more. However, the company already says it's investigating the scam. The one thing that's for certain is the sheer scale and effectiveness of the attack. Both the email and the web pages look very legitimate, so it's all too easy for even seasoned internet users to fall prey to the attack. It could be a while before the phishing campaign goes away, let alone before we know the full extent of the damage.
We are investigating a phishing email that appears as Google Docs. We encourage you to not click through & report as phishing within Gmail.
— Google Docs (@googledocs) May 3, 2017
Can you pick out the malicious login page? pic.twitter.com/RCcJ3g0N50
— Brandon Frohs ❄ (@0b10011) May 3, 2017
ATTENTION: DO NOT CLICK ON A GOOGLE DOCS LINK IF YOU GOT AN EMAIL FROM ME
— Joe Bernstein (@Bernstein) May 3, 2017