There is a malicious Google Docs email that is spreading like wildfire right now -- and it can cause you serious harm if you fall prey to it as so many others have.

Here is what you need to know not to become a victim:

What is the email?

The email appears to be from someone you likely know and contains a link to a document that that person is sharing with you. Except, the email was not sent by your colleague, and the link does not open a legitimate document; it takes over your Google account (and, in some variants, may spread malware) and may inflict all sorts of harm. It uses an app called Google Docs -- but it is not the real Google Docs.

What does the dangerous email look like?

Above is an image of an attack that I received -- it came with the return address of a known journalist with whom I have collaborated in the past. Emails like this with different return addresses have hit others in the Inc. office.

In this case, the strange recipient address is a good hint that something is amiss. But yours may arrive just to your address. Before opening any unexpected attachment, confirm with the sender.

Won't my security software stop it?

In many cases, no. For whatever reason, this email was not stopped by the spam filter on my mail server, nor by the spam filter on my computer, nor by the internet security software on my computer, nor by any other technical solution along the mail path. The only thing that stopped me from becoming a victim was my own human vigilance.

And that is what you need as well.

What should you do?

Do not click the link if you receive an email like the one above. If you are expecting a Google Docs attachment, text or call the sender to confirm legitimacy before opening anything.

Also, make sure you have up-to-date security software on every device -- computer and mobile. While this particular attack may not be caught by some systems (yet), millions of others are stopped automatically.

What do I do if I clicked the link?

Disconnect your device from the internet. Immediately.

Notify all of your contacts that a malicious email may have been sent from your account (it is best to do this on social media, not just via email). Tell them not to open it or click links in it. You can send a link to this article as a reference to what is going on and what to do.

If you have access to someone knowledgeable about information security, ask her or him to help you.

Block access for "Google Docs" via the real Google's permissions page at: https://myaccount.google.com/permissions

Back up all of your data to a new backup device and do not attach it to anything else.

Run a full scan of your computer with internet security software -- ideally with more than one package. If your computer is on a network, ideally run a scan on all devices on that network. (While reports to date have not indicated that this phishing email actually installs malware, it is simple for criminals to create a variant that does, and you can be sure that criminals will do exactly that if experts tell folks that there is no need to scan their computers after falling prey to this scam.)

Change your password to any systems that you accessed from the potentially infected machine since you clicked on the link (but change the passwords using a different device!). For advice on creating new, simple yet strong passwords please see the article "How to Create Strong Passwords That You Can Easily Remember."

If you disclosed any personal information using the potentially infected machine that could lead to identity theft, or that information is stored in your Google account (or on that device if it turns out to have malware on it), contact credit bureaus to place an alert on your account.

Published on: May 3, 2017
Like this column? Sign up to subscribe to email alerts and you'll never miss a post.