Google Doc phishing scam spreads like wildfire — here's how to spot it

It takes a careful eye.
By Jack Morse

A sophisticated phishing attack is racing across the internet, and may already have hit your inbox.

The definitely not-legit email disguises itself as an official message from Google alerting you that someone wants to share a Google Doc with you. Notifications of this sort are common and often wouldn't raise an eyebrow.

However, clicking through this particular link and taking the requested steps will open up your inbox — and potentially everyone on your contact list — to an as-of-yet unknown attacker.

And, like we said, the link looks real — complete with a little "Open in Docs" blue box.

Just how widespread is this? Numerous reporters at Mashable have received the same phishing email, as have students at Columbia University, as a warning email sent out by a member of the Philosophy department shows. The scam may have even hit the Capitol.

Google confirmed that it is aware of the problem and is looking into it.

According to one Reddit user, once a victim clicks on the fake Google Doc link, they are taken to a real Google page prompting them to select an account. After that, they are taken to a new page asking that they allow "Google Docs" to access the account.

If you click "allow," the attacker can access your account. And all your contacts will likely soon receive a fake Google Doc invite from you.

So, how to tell if that latest Google Doc your friend shared is real or fake? Thankfully, there are a few tell-tale warning signs. First, real Google Doc invites look different than the recent fake. Here's a legit one for comparison:

Notice the Google address at the bottom? And the box border formatting? The fake Google notification doesn't have that.

Second, expand the dropdown option in the menu bar next to the sender's name. Below is a real Google notification for a shared Google Doc.

Lastly, the spam email is also addressed to "[email protected]," which is an account with the disposable email service Mailinator.
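Two of these signs can be checked mechanically by a mail filter: a "To" address at a disposable-mail domain, and a "shared document" link that is really a Google account-permission request. The sketch below is an added example, not code from Mashable or Google; the sample message, the placeholder values, the one-entry domain list and the choice of which permission scopes to flag are all assumptions made for illustration.

```python
import email
import re
from email.utils import getaddresses
from urllib.parse import parse_qs, urlparse

# Assumptions for this example: a one-entry disposable-mail denylist and the
# Google OAuth scopes that expose mail and contacts.
DISPOSABLE_DOMAINS = {"mailinator.com"}
SENSITIVE_SCOPES = {"https://mail.google.com/",
                    "https://www.googleapis.com/auth/contacts"}

# Constructed sample; addresses, client_id and redirect_uri are placeholders.
SAMPLE = """\
From: Colleague <colleague@example.org>
To: placeholder@mailinator.com
Subject: Colleague has shared a document on Google Docs with you

Open in Docs: https://accounts.google.com/o/oauth2/auth?client_id=PLACEHOLDER\
&scope=https%3A%2F%2Fmail.google.com%2F+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fcontacts\
&redirect_uri=https%3A%2F%2Fapp.example.net%2Fcb&response_type=code
"""

def oauth_scopes(url):
    """Return the requested scopes if url is a Google OAuth consent link, else None."""
    parts = urlparse(url)
    if parts.hostname != "accounts.google.com" or "/oauth2/" not in parts.path:
        return None
    return set(parse_qs(parts.query).get("scope", [""])[0].split())

def triage(raw):
    """Return the warning signs found in one raw RFC 5322 message."""
    msg = email.message_from_string(raw)
    findings = []
    for _, addr in getaddresses(msg.get_all("To", [])):
        if addr.rpartition("@")[2].lower() in DISPOSABLE_DOMAINS:
            findings.append("to-disposable-address")
    body = " ".join(
        part.get_payload(decode=True).decode(errors="replace")
        for part in msg.walk() if not part.is_multipart()
    )
    for url in re.findall(r"https?://[^\s\"'<>]+", body):
        scopes = oauth_scopes(url)
        if scopes is None:
            continue  # ordinary link, e.g. a real docs.google.com document URL
        findings.append("link-is-oauth-consent")
        if scopes & SENSITIVE_SCOPES:
            findings.append("requests-mail-or-contacts")
    return findings
```

A link host of accounts.google.com does not clear the message, since the permission page in this scam is a real Google page; what matters is that a document invite has no reason to request account permissions at all.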

What to do?

If you did happen to click on the malicious link and allowed attackers into your account, you can revoke that access relatively easily. First, go to your Google permissions page. There you will find a list of all the apps that have account access. One app, titled Google Docs, is the offender. Revoke its permission immediately, and then change your password.

So now that you know what's up, pay extra attention to any Google Docs coming your way. And, well, to anything asking you to click a link and enter your password or share account permission.
