Malicious “Open in Docs” email

May 3rd, 2017 by Jim Buchanan

Many of you have received an email saying someone has shared a document with you.  However, the email is to another email address, hhhhhhhhhhhhhhhh@mailinator.com.  

These emails are malicious and designed to gain access to your address book among other Google features such as GMail.  Once the blue button, “Open in Docs” is clicked on, it will request permission to access your account.  If allowed, a script will run to generate the same malicious email to send to all of your contacts in your address book.

What to do if you clicked on the “Open in Docs” button and granted permissions?

If you clicked on the “Open in Docs” blue button and granted permissions:

  • Revoke access to “Google Docs” immediately. Google Docs doesn’t need to be granted access.  You may do so by accessing this link
  • Access your sent folder in Gmail to see if any emails have been sent out not by you

Google is aware of this problem and has worked to resolve it.

Update 6:30 AM, May 4, 2017:

Google has released the following statement:

“We realize people are concerned about their Google accounts, and we’re now able to give a fuller explanation after further investigation. We have taken action to protect users against an email spam campaign impersonating Google Docs, which affected fewer than 0.1% of Gmail users. We protected users from this attack through a combination of automatic and manual actions, including removing the fake pages and applications, and pushing updates through Safe Browsing, Gmail, and other anti-abuse systems. We were able to stop the campaign within approximately one hour. While contact information was accessed and used by the campaign, our investigations show that no other data was exposed. There’s no further action users need to take regarding this event; users who want to review third party apps connected to their account can visit Google Security Checkup.”

 

Comments are closed.