READ THIS Before you click on this Google Docs link!


Warning! A new OAuth phishing email is massively spreading among your contacts through Google Docs.


Google Docs Phishing

Be extremely careful if you recieved this type of email: "John Smith has invited you to view the following document". Even if it’s from a friend of yours, always check if they really sent you this invitation.


This is a fake link. It will send you to a page which says, "Google Docs would like to read, send and delete emails, as well access to your contacts", asking your permission to "allow" access.


Ecran d'autorisation d'accès Google Docs


Once you’ve allowed the access, you immediately give permission to the hackers to:

  • Manage your Gmail account
  • Have access to your emails, without needing your Gmail password
  • Have access to all your contacts and spread among them
  • Enter everything your Google account manages: Facebook, Twitter, business e-mail accounts, pictures, your phone…

This OAuth phishing email is incredibly dangerous and quick. It hits multiple organizations and media outlets that use Gmail, and thousands of individual users.

What if I have clicked this phishing link?


If you have clicked on the phishing link and granted permissions, you can remove it:

  • Sign into your Gmail account.
  • Go to Security and Connected Apps.
  • Search for "Google Docs" from the list of connected apps and Remove it. It's not the real Google Docs. 

Follow us on Twitter to be informed about future cyberattacks!