Don’t open that email.
Journalists and others on Wednesday were ensnared in what appears to be a widespread phishing attack from the address “hhhhhhhhhhhhhhhh@mailinator.com,” while others took to Twitter to warn others:
icymi: Someone Is Spreading a Massive Google Doc Phishing Email Right Now https://t.co/Y2HVIKejlp via @lorenzofb
— Carl Franzen (@carlfranzen) May 3, 2017
This may be spreading through asking authorizing apps. DO NOT AUTHORIZE APPS WITHOUT CHECKING. Go here and check. https://t.co/wVx7ZW7RCW
— zeynep tufekci (@zeynep) May 3, 2017
PSA: DO NOT OPEN ANY GOOGLE DOCS, especially those sent to you as links. A very nasty google docs phishing attempt going around.
— David Clinch (@DavidClinchNews) May 3, 2017
Related Training: Digital Security for Journalists
https://twitter.com/RosieGray/status/859850396788981760
Just got this as well. Super sophisticated. pic.twitter.com/l6c1ljSFIX
— zach latta (@zachlatta) May 3, 2017
I was sent the Mailinator email twice in less than an hour, from two sources on the media beat, which means journalists have already fallen prey to the scam.
To avoid having your account compromised, don’t click on the email, obviously. If you have clicked it, here’s what to do, per Hack Club founder Zach Latta.
How to fix fake Google Docs phish:
1. Go to https://t.co/60z1CDeunO
2. Find the app called "Google Docs"
3. Revoke all permissions— zach latta (@zachlatta) May 3, 2017
A representative from Gmail said the company is investigating the attack.
Hi Robert. Our team is aware of this issue and investigating on it. You can report it as phishing here: https://t.co/O0OMLWxsvG.
— Gmail (@gmail) May 3, 2017
