Google Docs spam attack: If you’ve already clicked the link, here’s what to do

Spammers are attacking Google users with a malicious link which appears to be a Google Docs hyperlink. While Google has already said that they are working on fixing the issue, here is what you can do to make sure you are safe.

Updated: May 04, 2017 10:13:21

By HT Correspondent

Google said on Wednesday that it had taken steps to protect users from the attacks by disabling offending accounts and removing malicious pages. (Google)

Spammers are on the rise again and this time their victim list includes almost all Gmail/Google users.

Alphabet Inc warned its users to beware of emails from known contacts asking them to click on a link to Google Docs after a large number of people turned to social media to complain that their accounts had been hacked.

Google said on Wednesday that it had taken steps to protect users from the attacks by disabling offending accounts and removing malicious pages.

The attack used a relatively novel approach to phishing, a hacking technique designed to trick users into giving away sensitive information, by gaining access to user accounts without needing to obtain their passwords. They did that by getting an already logged-in user to grant access to a malicious application posing as Google Docs.

However, here are a few steps that may help you make sure that you are safe or at least you have raised an alarm:

A) Just delete it, your mom is unlikely to send you a Google Docs link

Spammers resolve to basic of the attacks and in this case the method can be termed as phishing.

The method includes sending an email that lures victims into clicking on links that download malicious software, or lure them into turning over their user names and passwords.

In this case, the malicious emails all appeared to come from a contact, but were actually from the address “” with recipients BCCed.

B) Whatever you do, multifactor authentication is your best, last defence

Google and most other email, social media and banking services offer customers the ability to turn on multifactor authentication. Use it. When you log in from an unrecognised computer, the service will prompt you to enter a one-time code texted to your phone. It is the most basic way to prevent hackers from breaking into your accounts with a stolen password.

C) Get them off!

If you accidentally clicked on the Google phishing attack and gave spammers third-party access to your Google account, you can revoke their access by following these steps:

Go to

Revoke access to “Google Docs” (the app will have access to contacts and drive).

D) Yes! Change your passwords one more time

If you’ve been phished, change your passwords to something you have never used before. Ideally, your passwords should be long and should not be words that could be found in a dictionary.

The first things hackers do when breaking into a site is use computer programs that will try every word in the dictionary. Longer and distinctive passwords are the best \. Security specialists advise creating anagrams based on song lyrics, movie quotations or sayings. For example, “The Godfather” movie quotation “Leave the gun. Take the cannoli,” becomes LtG,tTcannol1.

E) Raise the alarm or send an SOS

Most importantly, you need to report any phishing attack. Just click the downward arrow at the top right of your inbox and report the attack by selecting “Report Phishing.” Companies count on those reports to probe such scams and stop them.

First Published: May 04, 2017 07:58:00


more from tech

top news

don't miss

icc world cup 2019

This site uses cookies

This site and its partners use technology such as cookies to personalize content and ads and analyse traffic. By using this site you agree to its privacy policy. You can change your mind and revisit your choices at anytime in future.