If there’s one thing the 2016 election taught us, it’s that phishing attacks are becoming more and more sophisticated—and that it’s easier than ever to fall prey to them.
With that in mind, be forewarned: a spear-phishing scam is making its way through everyone’s emails. If you see an email from someone you know that kind of sort of looks like it’s a Google Doc they want to share with you, don’t click it.
Here’s what a standard Google Doc invitation looks like.
(Yes, that is a Google Doc titled “dicks.” When you work on the internet, you deal with dicks a lot.)
Here is the spear-phishing attempt. Notice the differences.
There’s no grey background, it’s lacking the Google signature, and the spacing is much too tight.
Many who clicked were impressed by how sophisticated the attack was.
Just got this as well. Super sophisticated. pic.twitter.com/l6c1ljSFIX — zach latta (@zachlatta) May 3, 2017
If you get a “Google Docs” shared document today, don’t click it. It got past spam filters and a lot of people are falling for it right now. — Adam Steinbaugh (@adamsteinbaugh) May 3, 2017
Over on Reddit’s main Google forum, user JakeSteam broke down exactly what happens.
According to one user on Twitter, the scheme was so successful it crashed the backend of whoever put it together.
Google phishing scheme spreading like wildfire, uses app authorization to compromise. Attacker's backend has crashed due to rate of success? pic.twitter.com/l1AFRz7QjK — cda (@CDA) May 3, 2017
Slowly grinding to a halt in terms of responsiveness, throwing errors or timeouts with Cloudflare. pic.twitter.com/EyHsSD7ahA — cda (@CDA) May 3, 2017
The Electronic Frontier Foundation says the attack is not believed to put malware on your computer.
Google has not yet responded to requests for comment regarding the phishing attack.
Update 4:50pm CT, May 3: In a statement provided to the Verge, Google said they had taken steps to halt the phishing attack and that the matter was resolved.
“We have taken action to protect users against an email impersonating Google Docs, and have disabled offending accounts. We’ve removed the fake pages, pushed updates through Safe Browsing, and our abuse team is working to prevent this kind of spoofing from happening again.”