We’re currently seeing reports of phishy emails that imitate Google Docs invitations. The “Open in Docs” button is actually a link that redirects to a malicious URL–not something you want to click!
Here’s one of the fake invites:
Note the strange email address in the “To” field; that’s one red flag that should make you suspicious. If you see a “notice” being sent to unusual or inappropriate addresses, you might have discovered a phishing scam that’s being forwarded to a long list of people.
This attack tries to get victims to grant permission for a fake “Google Drive” app to access their accounts. Granting access allows attackers to see your account’s information, including your contact list, which the hackers then use to perpetuate the scam.
If you receive this email (or have just received it) do NOT click it. See this article for more tips on how to protect yourself from this tricky phish, including what to do if you’ve already fallen for it.