MINNEAPOLIS (WCCO) — You may have received an email with a Google document recently, and if you don’t know the person who sent it, chances are you were the target of an international scam.
People around the word reported receiving the email phishing scam, and it’s been the top-trending story on Twitter much of the day. Experts said whoever created the scam made it look very real.
It’s a phishing scam designed to look just real enough that many were lured in. Some students at the University of Minnesota took the bait.
“A lot of my friends did this morning before we found out it was a virus,” senior Melody Colon said.
Melody didn’t fall for it, but here’s why some of her friends did. The email looks similar to one sent by Google, but it looks like it’s coming from another user. One giveaway is that real Google Docs will invite you to “edit” the following document. The scam asks you to “view” the following document. Also, the “to” address looks made up — from user, “hhhhhhhhhhhh.”
“I wondered why some student whom I never interacted with before was sending me a Google doc,” said Nick Hopper.
Hopper is a computer science professor at the University of Minnesota. He said when users click on the fake Google document, it seeks permission to access your account.
“If you go in to type in your password to log in, your password gets sent to the attacker and not actually to Google,” said Hopper.
The scammer can then use that information to access your bank accounts or credit cards. The fake email spread so quickly that schools, colleges, and even TV stations like WCCO, had to give employees a heads-up, because there’s a lot at stake.
“Somewhere between hundreds of millions to billions of dollars are lost to phishing scams each year,” said Hopper.
Google sent out a statement Wednesday saying they are investigating the email, and they are encouraging people not to click through it.
They are also asking people go report it as phishing within Gmail.
In any case, if you don’t recognize the sender, don’t open it.
If you clicked on the link and granted the scammer access to your account, your personal information may have already been exposed, but you can still revoke access:
1. Go to https://myaccount.google.com/permissions
2. Find the app called “Google Docs”
3. Revoke all permissions