University email users
This is a phishing attack ongoing for Google email accounts sent through an email address at “firstname.lastname@example.org.”. The phishing emails invite the recipient to open what appears to be a Google Doc, that says, “Open in Docs.”
If you click on the link you are providing access your Gmail account. Users are being sent a link stating that someone has granted them access to a file. Clicking on the link executes a worm to access the account. Once it has this access it harvests your contact list and emails people on it with more phishing emails.
What To Do
If you have clicked on the phishing link and granted permissions, you can remove permissions for the fraudulent "Google Docs" app from your Google account. Here’s how you can remove permissions:
- Go to your Gmail accounts permissions settings at https://myaccount.google.com and Sign-in.
- Go to Security and Connected Apps.
- Search for "Google Docs" from the list of connected apps and Remove it. It's not the real Google Docs.
Think before you click. Be careful around suspicious-looking emails. Many hacking attempts, including malware infections, come through links or attachments sent over email. If you have a question regarding the validity of an email you receive please contact JWU IT.