Campus Targeted by Google Docs Phishing Emails | Office of Information Technology

Campus Targeted by Google Docs Phishing Emails

Last Updated: 05/04/2017

The campus has recently been targeted by malicious emails that attempt to gain access to a recipient’s Google account. The email claims that someone shared a Google Doc and invites recipients to open the document in Google Docs, while in fact it is actually a malicious Google app named “Google Docs” which is asking for permission to “Read, send, delete and manage your email” and to “Manage your contacts”. Once access has been granted to this malicious app, the application can use the granted access in the background without any further notice. A real Google Doc should never ask for permissions to your email, contacts, drive or any other account data. If you receive one of these emails, do not click on the “Open in Docs” link. Individuals who received this email should simply delete the message. 

CU Boulder Google Accounts

If you clicked on the link and allowed the malicious app access to your @colorado.edu Google account, OIT was able to utilize Google administrative management tools to remove the app from your account. While we don’t believe passwords have been compromised in this specific instance, you may want to change your password as a precaution.

Personal Google Accounts

If you clicked on this malicious “Google Docs” app link and granted access to a personal Google account, the following steps will help you review and remove the malicious app:

  1. Visit https://myaccount.google.com/
  2. If you are not already signed-in, use the sign-in button in the upper right hand corner and login with the credentials for the account in question.
  3. Use the “Sign-in & Security” link in the left hand column to review your access settings.
  4. On the menu on the left hand side, click on “Connected apps & sites”
  5. In the “Apps connected to your account” box, click on “MANAGE APPS”
  6. A list of all apps that have received permissions to your account will be shown. Review the list and look for “Google Docs”. If you see the “Google Docs” app listed, click on it.  A “REMOVE” button will appear. Click “REMOVE”.
  7. A prompt will ask you “Are you sure you want to remove access?”. Click “OK”.
  8. While we don’t believe passwords have been compromised in this specific instance, you may want to change your password as a precaution.
  9. Google has also provided additional recommendations to help secure your account.

If you need assistance, contact the IT Service Center during regular business hours at 303-735-4357 (5-HELP from a campus phone).  

Following is a sample of the malicious message:


From: [Address Removed]

To: hhhhhhhhhhhhhhhh@mailinator.com 

Subject: [Sender name removed] has shared a document on Google Docs with you

Sent: Wednesday May 3, 2017

[Sender name removed] has invited you to view the following document:

OPEN IN DOCS

-------------------------------------------------------------------------------------------------------------

The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and delete the material from any computer.

-------------------------------------------------------------------------------------------------------------


Be Aware

  • The university will never send email asking for private data (e.g. passwords, SSNs, credit card numbers, etc.) Always be suspicious of messages asking for private information.
  • If you ever receive a suspicious email, do not reply or click any links or open attachments.
  • You might receive a phishing email from someone you know, particularly if that person’s account has been compromised through a phishing attack.
  • It’s good practice to never click a link in an email. Instead, open a web browser and type the website address or search for it using a legitimate search engine.
  • A legitimate Google Doc shared with you should never ask for additional permissions to your email, documents or any other data. You might be asked to login to access the document, but should never need to grant additional permissions to other account data.
  • It is always a good idea to ask yourself if a new app truly needs access to your data or account information. (This can apply to Google, Office 365 or other services.)

 Learn More

Although the university uses technology to block malicious emails and phishing websites, this technology is no substitute for being a conscientious Internet user. You can report messages that you believe might be phishing attempts. There you will also find a link to a site that lists recently reported phishing attempts.

If you ever have questions about the legitimacy of a message, you are welcome to contact the IT Service Center at help@colorado.edu or 303-735-4357 (5-HELP from a campus phone).