On 3 May 2017, reports of Google Docs phishing attacks surfaced.
Initial stories suggested that journalists were the primary target of the purported Google Docs vulnerability, but subsequently released information suggests that no particular group of users were at risk. Reports widely reference an origin e-mail address of "hhhhhhhhhhhhhhhh@mailinator.com," with others copied on the message.
Vice was one of the first outlets to cover the rumors:
A massive phishing campaign targeting Google accounts is ripping through the internet right now.
Several journalists, as well as people working in other industries, have said they've received emails containing what looks like a link to a Google Doc that appears to come from someone they know. These, however, are malicious emails designed to hijack your account.
At approximately 4:15 P.M. Eastern Time, GMail sent a tweet confirming they were investigating reports of a vulnerability and warned users to be on alert:
We are investigating a phishing email that appears as Google Docs. We encourage you to not click through, & report as phishing within Gmail.
— Gmail (@gmail) May 3, 2017
Zach Latta of HackClub.com tweeted a series of tips for users who believed they were infected by the phishing attack:
How to fix fake Google Docs phish:
1. Go to https://t.co/60z1CDeunO
2. Find the app called "Google Docs"
3. Revoke all permissions— Zach Latta (@zachlatta) May 3, 2017
Note: they may still have your info on their servers. Can't do anything about that, but this prevents further use of your Google account.
— Zach Latta (@zachlatta) May 3, 2017
I'm sending this to people that got phished. pic.twitter.com/3uP7NvQDkt
— Zach Latta (@zachlatta) May 3, 2017
Update: Google revoked the app, there's nothing more to do. Attacker likely has victim info on their servers, but no more account control.
— Zach Latta (@zachlatta) May 3, 2017
Google has advised people with security concerns to review their Google permissions for unauthorized apps, including one called "Google Docs".