US-CERT is aware of a phishing campaign that affected Google Docs users. The campaign used spoofed email addresses to target users with emails purporting to share a document for collaboration. Once the targeted users accepted invitations, they were encouraged to allow the phishing program access to their email accounts. Google has taken action to protect users, including removing the fake Google Docs pages and disabling the offending accounts.
US-CERT reminds users that they play a critical role in protecting their organizations and themselves from cyber threats. Users should:
- Be careful when clicking directly on links in emails, even if the sender appears to be known; attempt to verify web addresses independently (e.g., contact your organization's helpdesk or search the Internet for the main website of the organization or topic mentioned in the email).
- Exercise caution when opening email attachments. Be particularly wary of compressed or ZIP file attachments.
- Immediately report any suspicious emails to your information technology (IT) helpdesk, security office, or email provider.
Users of Google Docs are encouraged to review Google's statement and US-CERT's Tip on Avoiding Social Engineering and Phishing Attacks for more information. You can report any suspected phishing emails to the anti-phishing group APWG.