I don’t usually post about particular threats or attacks. I try to stick to general strategies and methods to keep you safer (there is no completely safe here.) But this attack works around many of my usual strategies and I’m hard pressed to see how to operate normally and not get your account information stolen.
This phishing scheme sends a Google Doc and just previewing it can get your information stolen. The one point that you can catch it is a problem is it asks you to re-login with your Google credentials. This is where it gets you and it’s easy to miss. I make it a policy to delete any email with an attachment that I was not expecting ahead of time. I’ll read the subject and that sender and occasionally the preview lines of the email.
I don’t hesitate to delete because emails can be resent. If someone later asks I can then ask them to resend or retrieve it from the Trash a few days later. This way it takes a phone call from a trusted person before I will open the doc. In 25 years of emails I have never lost something that I really needed. The safety factor is worthwhile.
Being diligent is good but don’t depend on being perfect to protect your identity and your assets. Use strategies that keep you safe.