DENVER -- A dangerously convincing Google Docs phishing scam hit email boxes on Wednesday.
By clicking the fake link, it will take you to a real Google-hosted login page with a list of Google accounts ready to click, Tech Crunch reports. It even has a google.com domain in the address bar.
Once you select an account, permission is asked to provide permission for an app called "Google Docs." Once you click "allow," the fake "Google Docs" app receives permission to read your emails and email your contacts.
This will spread the scam to almost everyone you have emailed.
Just got this as well. Super sophisticated. pic.twitter.com/l6c1ljSFIX
— zach latta (@zachlatta) May 3, 2017
The best advice is to not click the link and delete the email. And never open links or download attachments from senders you are unfamiliar with.
But if you fell for it or think you might have been hit, Google says you need to reset your password and check your app permissions.
"We’ve removed the fake pages and our abuse team is working to prevent this kind of spoofing from happening again," Google told Gizmodo in a statement.
"If you think you may have accidentally given out your account information, please reset your password."
There should not be an app called "Google Docs" in app permissions. The real Google Docs automatically has access to your account.
If you see the fake Google Docs app listed you can remove it by clicking the label and hit "remove."