The purpose of this disclosure is to explain how we make money without charging you for our content.
Our mission is to help people at any stage of life make smart financial decisions through research, reporting, reviews, recommendations, and tools.
Earning your trust is essential to our success, and we believe transparency is critical to creating that trust. To that end, you should know that many or all of the companies featured here are partners who advertise with us.
Our content is free because our partners pay us a referral fee if you click on links or call any of the phone numbers on our site. If you choose to interact with the content on our site, we will likely receive compensation. If you don't, we will not be compensated. Ultimately the choice is yours.
Opinions are our own and our editors and staff writers are instructed to maintain editorial integrity, but compensation along with in-depth research will determine where, how, and in what order they appear on the page.
To find out more about our editorial process and how we make money, click here.
A sinister email is making the rounds in which the sender—someone you know, in some cases—invites you to click on a Google Docs link. People who click on the link can get pulled into a world of trouble, so, do not click the link. Just delete the email.
The nasty new email, which appears aimed at journalists, began to surface on Wednesday. Several colleagues at Fortune sent me the emails they received. Here’s a screenshot of what it looks like in your Gmail inbox (I blacked out the sender names):
The email, of course, isn’t actually from who it says it’s from, but is instead a phishing email intended to trick you into clicking a link. What happens next? You don’t want to try and find out yourself, but a hacker named Zach Latta has helpfully posted a GIF to Twitter that shows what happens if you hit “Open in Docs.”
As Latta’s demo shows, the whole thing is a ruse that will give the keys to your entire Gmail account to whoever is running the phishing campaign. As a certain President might say, “Bad!” If you want to imagine the worst case scenario, just recall Democratic National Committee head John Podesta, whose had his entire email correspondence leaked after he fell for a similar Gmail phishing scam.
Fortune has contacted Google to ask about the nature of the scam, and who may be behind it. The company has yet to reply, and has only posted this (not very helpful) tweet:
Scams targeting Google accounts appear to becoming more common in recent months. As my colleague Robert Hackett reported in January in the article Everyone is falling for this frighteningly effective Gmail scam, hackers (usually posing as a trusted contact) have been sending around booby-trapped documents that look like ordinary PDFs.
Meanwhile, older versions of the scam have seen the hackers posing as members of the Google Docs team.
If all of this feels frightening, well, it sort of is. But there is a very good way to protect yourself. If you haven’t already, make sure you have two-factor authentication set up on your Google accounts.
Doing will help ensure that, even if hackers do trick you out of your password, they will likely be unable to use it. That’s because the two-factor system will ask for a second code (usually a code sent by text message) if Gmail detects someone is trying to log-on from a strange computer. You can sign-up for Google’s two-factor here.
Finally, if you did click on the nasty link, you can go to your Google account settings here, which will allow you to revoke access to apps—including the fake Google Docs one.