A phishing campaign seems to be making its way around the internet baiting users to open a 'Google Document' sent by someone they had contact with in the past.
The link appears to redirect to a legitimate Google authentication page, which attempts to authorize a rogue Google Docs application. This grants the bad guys access into the victim's Gmail and contacts without needing their password/2FA token.
SANS Analysis: https://isc.sans.edu/diary/22372
Fell for it? Here is the fix:
- Google Security Check
Navigate towards the Account Permissions section.
Check for "Google Docs," and remove it if it exists. It's not the real Google Docs.
While it doesn't appear this was a credential harvesting attack, its best to reset your password and enable Two Factor Authentication as a preventative measure with Google Account Security settings.