Archive | May 3, 2017

Google Docs Scam (5/3/17)

We are seeing a round of emails similar to the one below hitting VCU. Upon clicking the “Open in Docs” link, you will be prompted to reauthenticate OR grant permissions to google for an app called “Google Docs”. In reality, this is not Google Docs, but rather a malicious app that was impersonating the real Google Docs. Once you grant access to this app, it will then read your contact list, and send a similar email to all of your contacts. Please make sure that you carefully check any email you receive asking to share documents. For now, if you receive something similar, delete it and do not forward it along.

UPDATE: If you have clicked on the link, was asked to grant permissions to the “Google Docs” app, and have done so, then please visit the Google Security Checkup site at, look at the “Check your account permissions” section, and remove any undesirable apps with access to your Google account. This malicious app will show up as “Google Docs” if it is connected to your account. 

*Please note, VCU have taken actions to successfully identify, quarantine, and clean any employees and student accounts that are affected. The above remediation steps apply to only personal Google accounts that may be affected.  


From: <>
Date: Wed, May 3, 2017 at 2:27 PM
Subject: James Schmeits has shared a document on Google Docs with you

Bill Smith has invited you to view the following document:

Open in Docs

Comments Off on Google Docs Scam (5/3/17)