Google Docs Sharing Scam

May 05, 2017

An email scam circulated that appeared to come from a legitimate email address and looked as though someone was trying to share a Google Document with you. The email included the blue "Open in Docs" button.

Because UCSC uses Google sharing extensively, it was easy to believe this was a legitimate invitation, and many individuals on campus did click the link. This is a good reminder to never click a link in an email that comes from an unknown source or that you were not expecting. If there is any question about the legitimacy of a message, always check with the individual who appears to have shared the document with you.

This attack was dangerously convincing and pretty sophisticated. Instead of tricking someone into clicking a link and giving up their password or personal information, it tricked the person into granting permission to a third-party application, which then had privileges to access their account, their contacts, password resets, and emails. What’s even scarier, once the person clicked on the link they were taken to a very real-looking (but fake) Google authentication page where permission was granted for the attacker to access the account.

By acting quickly, Google had the phishing attack under control in about an hour through a combination of actions. ITS also took action by purging the scam message from everyone's UCSC email inbox. Only Gmail contact information was accessed during the attack and Google's investigation shows that no other data was exposed.

For more information on how to identify and report a phishing scam, visit: http://its.ucsc.edu/news/report-phishing.html

Good Security Practices Reminders

Change your UCSC Blue and Gold Passwords

On a regular basis, it’s a good idea to change your Blue and Gold passwords and set your security questions by going to the CruzID Manager website at cruzid.ucsc.edu. Instructions are available at: http://its.ucsc.edu/accounts/passwords.html

Don’t reuse your Blue and Gold passwords for other accounts or access, especially personal accounts.

Perform a Google Security Checkup

This checks your Google Account settings and activity to make sure that you've approved all of the apps and other content that can access your Google account. NOTE: When you run the check, in the "Check your recent security events" section, you may see daily "Changed password" listings. This might look alarming, but it's completely normal and part of the daily automatic updates generated by the system. If any of these password changes were made in a location you do not recognize, you may need to take further action. To run the security check, go to: https://myaccount.google.com/secureaccount

Turn on 2-Step Verification

It wouldn't have helped prevent the phishing attack, but having 2-step verification turned on makes it harder for someone to sign in to your account should your password ever be compromised. Here are instructions for turning on 2-step verification: https://support.google.com/accounts/answer/185839?hl=en

For more information about the Google Docs phishing scam, visit: https://www.wired.com/2017/05/dont-open-google-doc-unless-youre-positive-legit/ 

or 

https://www.reddit.com/r/google/comments/692cr4/new_google_docs_phishing_scam_almost_undetectable/?st=j29f8n04&sh=d862d7dc