Crime & Justice

Did you get a weird invitation to edit a Google Doc? It's best not to click


There's a decent chance you — or someone you know — just got an odd email inviting you to edit a document on Google Docs. The email could be from a stranger, a colleague or a friend, but it's addressed to a contact that boasts a whole string of H's in its name.

In other words, it looks a little something like this:

This is what the subject line may look like in the email, for people using Microsoft Outlook. The telltale sign something's amiss: that email address with that long line of H's.
This is what the subject line may look like in the email, for people using Microsoft Outlook. The telltale sign something's amiss: that email address with that long line of H's.
Screenshot by NPR

Or, if you're looking at the invite in Gmail, it likely looks more like this:

https://twitter.com/zachlatta/status/859843151757955072

Either of these look familiar to you? Here's a handy tip: Don't open the link.

Trouble is, those invitations aren't what they seem. They are in fact malicious files intended to hijack recipients' accounts — and Google advises its users not to open them.

"We have taken action to protect users against an email impersonating Google Docs, and have disabled offending accounts," a Google spokesperson says in a statement emailed to NPR.

"We've removed the fake pages, pushed updates through Safe Browsing," the statement continues, "and our abuse team is working to prevent this kind of spoofing from happening again. We encourage users to report phishing emails in Gmail."

https://twitter.com/gmail/status/859863893484593152

If this public service announcement has reached you too late and you're now staring in despair at an already opened link, Vice's Motherboard explains what to do next:

"If you have clicked on the link, go to your Google account's page (https://myaccount.google.com/permissions) where you can manage the permissions you've granted to apps (or go through the whole Google Security Checkup). Then locate the 'Google Doc' app. This looks totally legitimate, but it's actually not. If that's the malicious app that's gotten access to your account after you clicked on the link it should have a recent 'Authorization Time.' Now, click on that Google Docs app and click 'Remove.' "

https://twitter.com/tomwarren/status/859856662835941376

And, in case it helps, know at least that you're not alone.

Many people — especially journalists — reported receiving these invites Wednesday afternoon. Enough people, in fact, that the hashtag #PhishingScam began trending on Twitter and email inboxes clogged with nearly as many warnings about the scam as instances of the scam itself.

https://twitter.com/ibalkhy/status/859844591553581056?ref_src=twsrc%5Etfw&ref_url=http%3A%2F%2Fwww.npr.org%2Fsections%2Fthetwo-way%2F2017%2F05%2F03%2F526785635%2Fdid-you-get-a-weird-invitation-to-edit-a-google-doc-its-best-not-to-click

So, once you successfully delete that phishy email — or take steps to remove its gnarled claws from your hapless inbox — you can take comfort in the fact that, no matter what ails you, Twitter has some snark to cure it.

https://twitter.com/nicoleperlroth/status/859847909445074946?ref_src=twsrc%5Etfw&ref_url=http%3A%2F%2Fwww.npr.org%2Fsections%2Fthetwo-way%2F2017%2F05%2F03%2F526785635%2Fdid-you-get-a-weird-invitation-to-edit-a-google-doc-its-best-not-to-click

Copyright 2017 NPR. To see more, visit http://www.npr.org/.