UPDATE #6:
We've addressed the issue with a phishing email claiming to be Google Docs. If you think you were affected, visit https://t.co/O68nQjFhBL. pic.twitter.com/AtlX6oNZaf
— Google Docs (@googledocs) May 3, 2017
UPDATE #5: Changing your password may not help. It seems likely at this point that whoever was behind this attack - and if you opened the email and clicked "Allow" - that they will use your account access to spam more people from your inbox.
@binarybits Correct—this is not a password thing. You’re granting the phisher access to your account via OAUTH and you need to remove that authorization
— Lee Hutchinson (@Lee_Ars) May 3, 2017
I'm sending this to people that got phished. pic.twitter.com/3uP7NvQDkt
— Zach Latta (@zachlatta) May 3, 201
UPDATE #4: ***BE ADVISED*** The phishing scam today is not only from school districts, but some Police departments and corporate/business emails as well.
UPDATE #3:
We are investigating a phishing email that appears as Google Docs. We encourage you to not click through & report as phishing within Gmail.
— Google Docs (@googledocs) May 3, 201
UPDATE #2: The following information was sent to DrydenWire by Josiah Hodgett, Technology Coach & Data Specialist for the Shell Lake School District:
We've seen a very widespread email attack on schools that have Google for Education accounts.
As you mentioned, people receive an email from apparently someone in a school domain, sent to "hhhhhhhhhhhhh@mailinator.com" with yourself as a bcc:.
This email contains a link that says "Go to Docs."
The issue comes at the next screen. Once they click the "Allow" button, they have given the malicious application the rights to send email to all of their contacts on their behalf.
This application seems to only a run a maximum of 4 times.
For those who have already clicked "Allow" - you will now need to go into your Google Account settings and remove any Connected Apps that were added today. From what I've seen, these apps are called something like "Google Docs." - Be assured, they are not the "real" Google Docs. And even if you do accidentally remove a connected app, it's quite simple to re-connect those apps at a later time when you are 100% certain it's legitimate.
Follow these steps to undo the impact:
- Go to Gmail in a web browser and click on your photo or initials on the top-right.
- Click "My Account"
- Click "Sign in and Security"
- Click "Connected apps and sites" on the left side
- Click "Manage Apps" on the right side
- Find one that says just "Google Docs" and click on it.
- Click Remove.
UPDATE #1: Followers on our Facebook page say that they have received emails from schools other than Shell Lake and Spooner. Multiple Northwest Wisconsin Schools have been reported as well as even a few in Southern Wisconsin.
There is an email going around that we would advise you do not open; this is a phishing scam. They may appear to be from both the Shell Lake and Spooner School Districts. We called both schools and they are aware of the situation and have advised their staff not to open the emails. The email may also appear to be from a friend that you have recently emailed.
The process was detailed on Reddit earlier today.
Last Update: May 06, 2017 3:18 pm CDT