
Wednesday, May 3, 2017

Email Scam - Fake Shared Google Docs

There is a particularly effective email scam that tricks you into sharing permanent access to your Google account -- including all of your email.  In this article, I will show you how to identify it and how to recover from it.

It starts with an email message like the one shown below.  It is a very convincing-looking notification of a Google Doc being shared with you.  (Names redacted.)




If you click "Open in Docs", it will ask you to authorize access.



It looks innocent enough until you look closer, because it claims to be "Google Docs."  But anyone can be named Julius Caesar;  it doesn't make them a famous Roman emperor.  Likewise, this isn't really Google Docs.  To figure this out, click on the words "Google Docs" and you'll see that it is owned by a random gmail.com account and not google.com.


If you click "Allow," they will gain permanent access to your account, including all email and your list of contacts.  From there, they will send the same message to everyone in your address book.

So what do we do about it?

If you can spot the scam, then just close the "Google Docs would like to..." window.  You're lucky.  Lots of people are tricked by this.

If you were victimized, you need to do the following steps to kick the bad guys out of your account.  Until you do, they're still there.

First, click on your icon in the upper right corner of Gmail.



Then click on the big blue "My Account" button.

That will bring you to a page full of boxes of links.  Inside the "Sign-in & security" box, click on "Connected apps & sites".



From there, click on "Manage apps" near the middle of the page.



This will bring you to a list of apps and websites that have access to your account.



Most are probably legitimate.  But if you see anything that you can't explain, just click on it to get more details.



You can see the date that you connected this app to your account under "Authorization date".  Use that as a guide.  If you just added the bad app, then it will have today's date.

If you want to remove something, click on the "REMOVE" button next to it.  If you can't find the button, click on the item to make it visible.

It will double-check with you.  Click "OK" to continue.



When in doubt, remove it.  It is easy to reconnect apps to your account.

That is it.  Once you've kicked them out of your account, just keep an eye out for odd behavior. If someone shared a Google Doc with you, it won't ask you for access to your email.  So any Deny/Allow choices should raise suspicions.
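
The checks described in this article (who really owns the app, what it can reach, and its authorization date) can be written down as a small Python example. It is added here and is not part of the original post; the app entries are constructed and the field names are assumptions, since the list is normally reviewed by hand on the account page.

```python
from datetime import date, timedelta

BRANDS = ("google", "gmail")        # names a look-alike app might borrow
SENSITIVE = ("email", "contacts")   # access the scam app asks for
IMPERSONATION = "Google name, non-Google owner"

def is_google_owned(email):
    """True only for google.com itself or a subdomain of it."""
    domain = email.rsplit("@", 1)[-1].lower()
    return domain == "google.com" or domain.endswith(".google.com")

def review_app(app, today, recent_days=1):
    """Return the reasons one connected app deserves a closer look."""
    reasons = []
    uses_brand = any(b in app["name"].lower() for b in BRANDS)
    if uses_brand and not is_google_owned(app["developer_email"]):
        reasons.append(IMPERSONATION)
    if any(s in p.lower() for p in app["permissions"] for s in SENSITIVE):
        reasons.append("email or contacts access")
    if timedelta(0) <= today - app["authorized"] <= timedelta(days=recent_days):
        reasons.append("authorized recently")
    return reasons

def flag_apps(apps, today):
    """Flag impersonators outright; flag others only when two signals agree."""
    flagged = {}
    for app in apps:
        reasons = review_app(app, today)
        if IMPERSONATION in reasons or len(reasons) >= 2:
            flagged[app["name"]] = reasons
    return flagged

# Constructed sample entries (not real data); field names are assumptions.
TODAY = date(2017, 5, 3)
APPS = [
    {"name": "Google Docs", "developer_email": "someone@gmail.com",
     "permissions": ["Read, send, delete, and manage your email",
                     "Manage your contacts"],
     "authorized": date(2017, 5, 3)},
    {"name": "Google Drive", "developer_email": "apps@google.com",
     "permissions": ["View and manage your files"],
     "authorized": date(2016, 1, 10)},
    {"name": "Calendar Helper", "developer_email": "dev@example.com",
     "permissions": ["View your calendars"],
     "authorized": date(2017, 5, 3)},
]

if __name__ == "__main__":
    for name, reasons in flag_apps(APPS, TODAY).items():
        print(f"{name}: {', '.join(reasons)}")
```

Only the look-alike "Google Docs" entry is flagged; an app that is merely new, like the calendar one, is left for you to judge.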