If you received an email about a new comment in a Google document, do not click the link because it is spam. As reported by 9 to 5, it is part of a new spam technique trying to abuse comments in Google Docs, Slides and Sheets.
There have been a number of high profile spam campaigns this year. So much so that Google made a number of changes over the summer to combat the issues.
Interestingly, the prevention mechanisms put in place by other companies may conflict with the Trump campaign by accident. Mobile carriers are in an ongoing battle with the president over his SMS campaign because it does not offer an opt-out option to users.
However, this Google Docs spam email is quite sophisticated. It masks its intention quite well considering that most uses can be done just by clicking on a Google Docs comment link with little to no thought about it.
Beware of Google Docs comment emails
It appears that this spam has been around for quite some time this year. The first report found was in August, when spammers discovered they could use Google Docs to send any message to almost any email address.
This means the email is from a trusted sender, and by all accounts it looks like spammers’ efforts are stepping up even further.
The first thing to note is that you should absolutely not click on the link if you receive any of these emails. It redirects to a malicious location that tries to steal account information.
If you continue to receive a number of these emails, there is a way to fight it. Many would be concerned that filtering these emails would also filter emails from genuine comments from Docs. However, there is a way around this.
It is important to note that spammers do not give the email address normal commenting rights. This means that each email includes the phrase “you are not allowed to comment”. This means that the filtering of this phrase should target those specific spam emails without affecting the genuine ones.
The spam attack appears to be quite similar to the long-standing Google Drive problem. This allows anyone to share junk files with any other Google account.
Google said they are “making it a priority” to fix the problem. However, so far, little progress appears to have been made. To these specific issues, Google has yet to respond with a meaningful comment.