A phishing campaign making the rounds is sending Google Doc access links to recipients asking for permission to manage their email accounts.
A self-described graduate student, Eugene Pupov, claims to be behind the email blast which he says is part of a graduate final at Coventry University. According to Tweets by Pupov, the entire incident is “a total misunderstanding” and that the emails “were sent simply as a test.”
Security news outlet Naked Security, however, confirmed with the school that Pupov is not a student there. Those who received the emails and clicked on the link within the message are guided to a Google login and permissions page where the phony Docs app asks for the ability to control their email accounts to read, send, and delete messages, as well as manage contacts.
In a Tweet on Wednesday, Google said they were “investigating a phishing email that appears as Google Docs.”