【Eng Sub】

A sophisticated phishing attack is Eng Subracing across the internet, and may already have hit your inbox.

The definitely not-legit email disguises itself as an official message from Google alerting you that someone wants to share a Google Doc with you. Notifications of this sort are common and often wouldn't raise an eyebrow.

However, clicking through this particular link and taking the requested steps will open up your inbox — and potentially everyone on your contact list — to an as-of-yet unknown attacker.

This Tweet is currently unavailable. It might be loading or has been removed.

And, like we said, the link looks real — complete with a little "Open in Docs" blue box.

Original image has been replaced. Credit: Mashable

This Tweet is currently unavailable. It might be loading or has been removed.

Just how widespread is this? Numerous reporters at Mashable have received the same phishing email, as have students at Columbia University— as a warning email sent out by a member of the Philosophy department shows. The scam may have even hit the Capitol.

Original image has been replaced. Credit: Mashable

This Tweet is currently unavailable. It might be loading or has been removed.

Google confirmed that it is aware of the problem and is looking into it.

Mashable Light Speed Want more out-of-this world tech, space and science stories? Sign up for Mashable's weekly Light Speed newsletter. By clicking Sign Me Up, you confirm you are 16+ and agree to our Terms of Use and Privacy Policy. Thanks for signing up!

According to one Reddit user, once a victim clicks on the fake Google Doc link, he or she is taken to a real Google page prompting you to select an account. After that, they are taken to a new page asking that they allow "Google Docs" to access the account.

Original image has been replaced. Credit: Mashable

If you click "allow," the attacker can access your account. And all your contacts will likely soon receive a fake Google Doc invite from you.

So, how to tell if that latest Google Doc your friend shared is real or fake? Thankfully, there are a few tell-tale warning signs. First, real Google Doc invites look different than the recent fake. Here's a legit one for comparison:

Original image has been replaced. Credit: Mashable

Notice the Google address at the bottom? And the box border formatting? The fake Google notification doesn't have that.

Second, expand the dropdown option in the menu bar next to the sender's name. Below is a real Google notification for a shared Google Doc.

Original image has been replaced. Credit: Mashable

Lastly, the spam email is also addressed to "[email protected]," which is an account with the disposable email service Mailinator.

What to do?

If you did happen to click on the malicious link and allowed attackers into your account, you can revoke that access relatively easily. First, go to your Google permissions page. There you will find a list of all the apps that have account access. One app, titled Google Docs, is the offender. Revoke its permission immediately, and then change your password.

This Tweet is currently unavailable. It might be loading or has been removed.

So now that you know what's up, pay extra attention to any Google Docs coming your way. And, well, to anything asking you to click a link and enter your password or share account permission.

---

Featured Video For You

---

You know those suspicious emails about jobs you didn't apply for? This is what happens when you accept the job

---

Topics Cybersecurity Google

• Tech
• Entertainment
• Digital Culture
• Science
• Shopping
• Deals
• Games
• Social Good

• Best keyboard deals: Save on Asus gaming keyboards at Amazon
• The Morning News Roundup for February 5, 2014
• The Morning Roundup for January 24, 2014
• Open Ye Gates! Swing Wide Ye Portals! Part 2 by Edward McPherson
• NYT Connections Sports Edition hints and answers for May 19: Tips to solve Connections #238
• The Best Insults from Shakespeare’s King Lear
• The Morning Roundup for January 31, 2014
• Strawberries and Cream and Spinal Injuries by Dan Piepenbring
• Best Hydro Flask deal: Save $10 on a 24
• The Morning News Roundup for February 6, 2014

• Save $8 per month ($24 total) on Disney+ before the October price hikes
• Wordle today: The answer and hints for September 12
• OpenAI reportedly restructuring as a for
• TikTok ban update: Court case against U.S. government set to begin
• Best Amazon deals of the day: Galaxy Z Fold 6, SimpliSafe security system, UE Wonderboom 4, 50
• Windows laptop deal: Save $200 on the Acer Aspire 3 laptop at Target
• Best smart home deals this week [September 11, 2024]
• How to pre
• Best smartwatch deal: Get the Samsung Galaxy Watch 6 Classic for 58% off
• Best Amazon deals of the day: Garmin epix, Amazon Echo Hub, Apple iPad, Sony SRS

• 'The Last of Us' Season 2, episode 4: Why Ellie sings 'Take on Me'
• James Joyce’s modern heirs, the Hardy Boys’ strangest mysteries yet, and other news
• In 2014, Subscribe to the Paris Review and McSweeney's
• Common Language by Sadie Stein
• Episode 4: The Wave of the Future
• A Poem by Howard Moss, Born Today in 1922
• The Morning News Roundup for February 17, 2014
• On Russell Hoban’s “Turtle Diary”
• Virtual Reality: The True Cost of Admission (and Why It Doesn't Matter)
• W. H. Auden at the 92nd Street Y

• Best robot vacuum deal: Save $140 on roborock Q7 Max Robot Vacuum
• Remembering Loehmann’s
• Boring Prose to Help You Fall Asleep
• Writers Remember Ronald Reagan
• SpaceX's Starlink satellite launch in pictures
• Remembering Mavis Gallant
• Boring Prose to Help You Fall Asleep
• Sadie Stein on R. S. Thomas’s poem “Luminary”
• How to Easily Make iPhone Ringtones Using Only iTunes
• Morning News Roundup for January 28, 2014