[Update] Phishing Alert: Google Drive phishing e-mail

We have received additional information about yesterday’s Google Docs phishing attack that we wanted to share with campus.

How did this Google Docs phishing attack work?
The message appeared to come from a trusted source asking you to open a Google Doc that was shared with you. If you clicked on the link, it took you to a page asking for permission to access your account. If you allowed it, it granted permission for a malicious app to access your email account and contacts. This was a widespread sophisticated attack that was not limited to the UNLV community. Google is working to prevent this type of phishing attack from happening again.

What should I do if I clicked on the link and granted permission to the malicious app?

  • No further action is necessary. Google has already removed the malicious app from your account.
  • You DO NOT need to change your email password. Your password was not compromised by this attack.
  • While contact information was accessed and used by the attack, Google’s investigations show that no other data was exposed.
What should I do to prevent future phishing attacks?

If you have questions, please contact the IT Help Desk.