You've probably heard about that treacherous phishing scheme going around the Internet masquerading as a Google Doc invitation. Worse, maybe you've fallen victim to the scam, yourself.
For those still unscathed, here are a few tips to keep you nice and safe. As for all you innocent bystanders out there panicking after clicking on one of the links, don't freak out. Take a deep breath and read this carefully. We'll get through this together.
First, what is it?
People have been reporting getting emails from a known contact seeking to share a Google Doc with them. After clicking the invite and signing into what appears to be an authentic Google sign-in page, the bug then spreads to that person's contacts...
How can you tell?
One obvious sign that you've been targeted is if the email is addressed to something like, "firstname.lastname@example.org." Also, use your judgment. Maybe there is something included in the email that you know is uncharacteristic of that known contact.
How do I avoid being hit?
The answer is simple: Don't click on any Google Doc invitations for the time being -- not from your mother, your father, no one. Again, a lot is still not known about this bug, and how it is affecting users, media reports have said.
What do I do if I clicked on the link?
First, don't beat yourself up, it isn't a reflection on you. Second, immediately change your password.
Reports are also advising users to go through their Gmail Account Recovery security checklist.
The good news is, it wasn't malware, which is often much more harmful...
To recap, phishing attacks can usually be thwarted by the user changing his or her password. But make sure to use some numbers and symbols in there. And make sure to do it soon.