Google logo as a fishing hook with Google doc icon as bait

Illustration by Jason Reed

This sophisticated Google Docs phishing attack is fooling everyone

Be careful.


David Covucci


Published May 3, 2017   Updated May 24, 2021, 3:40 pm CDT

If there’s one thing the 2016 election taught us, it’s that phishing attacks are becoming more and more sophisticated—and that it’s easier than ever to fall prey to them.

With that in mind, be forewarned: a spear-phishing scam is making its way through everyone’s emails. If you see an email from someone you know that kind of sort of looks like it’s a Google Doc they want to share with you, don’t click it.

Here’s what a standard Google Doc invitation looks like.

gmail phishing attempt: iamge of normal google docs
Image via Gmail

(Yes, that is a Google Doc titled “dicks.” When you work on the internet, you deal with dicks a lot.)

Here is the spearfishing attempt. Notice the differences.

gmail phishing attempt: screengrab of phishing attempt

There’s no grey background, it’s lacking the Google signature, and the spacing is much too tight.

But it’s still fooled a bunch of people. Twitter was quick to jump all over the attempt, warning people to not click.

Many were impressed with some of the levels of sophistication once they clicked.

Over on Reddit‘s main Google forum, user JakeSteam broke down exactly what happens.

New Google Docs phishing scam, almost undetectable from google

According to one user on Twitter, the scheme was so successful it crashed whoever put it together.

The Electronic Frontier Foundation says that it is not believed to put malware on your computer.

Google has not yet responded to requests for comment regarding the phishing attack.

Update 4:50pm CT, May 3: In a statement provided to the Verge, Google said they had taken steps to halt the phishing attack and that the matter was resolved.

“We have taken action to protect users against an email impersonating Google Docs, and have disabled offending accounts. We’ve removed the fake pages, pushed updates through Safe Browsing, and our abuse team is working to prevent this kind of spoofing from happening again.”

Share this article
*First Published: May 3, 2017, 3:24 pm CDT