A rather sophisticated phishing email circulated nationwide yesterday (05-03-2017) that closely resembled a legitimate Google Drive document sharing email.

If you clicked the button “Open in Docs”, you were then likely directed to a page requesting permission to install a malicious app called “Google Docs”. When you clicked on the approval button, the malicious app was granted access to your Google contact list and then forwarded the malicious email to your contacts.

Although Google has shut down this malicious app and associated traffic, you should remove the permissions that were granted to the app.  Here's how to do that:

  1. Go to your mail in your Chrome browser, and click on the “dialpad” icon in the upper right corner of the screen.  You'll get a list of different Google Apps.  Click on “My Account” (the shield).
  2. Under the “Sign-in & Security” heading, select “Connected apps & sites”.
  3. Under “Apps connected to your account”, click on “Manage apps”.  You will see a list of apps and websites that you have approved to access certain aspects of your account.
  4. Look for an application named "Google Docs" — if you see it, select it and click Remove.  The real Google Docs is not listed on this screen.

Go through the list of applications that are connected and have access to your account. If you see anything that you do not immediately recognize, it is OK to remove it.  If you remove something that you really do use, no harm is done: when you sign into that application again, you will be asked to re-confirm the same permissions.