Back to Home

What Is the Google Docs Phishing Scam?

Cybercriminals continue developing frightening levels of sophistication into their scams. One particularly cunning example is the Google Docs phishing scam, which proved how everyone — even the most computer savvy — need to stay sharp and on the lookout for deceptive content and links. 

Google Docs Phishing Emails

“To google,” “googling,” and “Google” are all comfortable terms in modern language. The massive entity itself is a trusted and heavily relied-upon resource for business and personal communication, information gathering, document sharing, and is a platform for collaborative work. When a scammer phishes Google Docs to get into people’s sensitive information, it is quite unnerving.

The Google Docs phishing scam began with an email appearing to be sent from a known email address. The email included text referring to an “important document” link; once clicked, the user was brought to what appeared to be the Google Docs login page. However, the login page was an extremely well-crafted fake that included Google imagery and icons. Once the user logged into the fake page, scammers were granted access to the user’s account. As the email appeared to be from a known source, many people trusted and clicked the link.

One of the most exceptional marks of sophistication that made the scheme nearly undetectable was that it was hosted on Google’s servers. As such, the URL appeared as a normal, secure Google Doc’s URL would. In reality, it was a third-party app named “Google Docs”, mimicking the real Google Docs. 

Is the Google Docs Phishing Email Still Active?

The Google Docs email phishing scam took place in 2017 and is no longer active. Google and their abuse team aggressively stopped the massive campaign in less than an hour by removing the fake pages and applications, as well as by putting in place automatic and manual protective measures and updates for users. At the time, however, the scam was received with a cacophonous outcry from users wondering how a lapse in such trusted security could happen. 

A Google spokesperson mentioned in an email statement to The Register, a leading tech website, that fewer than 0.1% of gmail users were affected. Google reported over 1 billion active users in 2016 — the year before the Google Doc phishing attack — so around 1 million people may have been affected by the Google Doc phishing scam. 

Lessons From the Google Docs Phishing Scam

The number of people affected by the Google Doc scam showed just how seriously cybercriminals are striving to keep pace with security developments. Users can never be too careful taking precautions with online activity regardless of how competent or comfortable they feel. Everyone is vulnerable in some way, so the best measures are preventative as well as responsive, and you don’t have to be a tech wizard to protect yourself. 

Preventative actions may include the installation of security software, double-checking URL addresses, ignoring emails that look spoofed, and downloading apps that hide your personal information. Measures taken to hinder the ability of a scam to obtain sensitive information may include using an app to make multiple online email addresses, or making sure that the data you are sharing is encrypted and in your control. Creating and using multiple email addresses may not fully protect against cybercriminals, but it can help to operate using fake personal information all while keeping your sensitive information protected.