Found Something Disturbing In My Gmail Documents

OneEyedDiva

OneEyedDiva

SF VIP
Location
New Jersey
I have several Gmail accounts for different reasons. My main one can be easily accessed at all times on my phone and tablet. I use it to send emails to my peeps and receive correspondence from companies I do business with most, like Amazon and Chewy. I have another strictly for financial and business matters. I never get spammed there. But the one I use for signing up for stuff, especially for subscriptions I may not keep, is the one that had the disturbing documents, shown below.

I only had two documents in that email. When I accidentally opened the documents for that account on my tablet, I found what is pictured below. Each document had romantic bordering on spicy content. I dared not open the links because they I had a feeling they led to porn sites. I just deleted them, since I didn't see a way to designate them as spam, like with the emails. I've never received anything like this in my other accounts.

20231103_073850.jpg
 

If it was me, I wouldn't worry about it. I get emails occasionally saying they've hacked into my computer and videoed me doing various things (there's no camera on my computer) and demand money or they'll release the videos to everyone I know. I just input wording from these emails into my server's spam blocker so I don't see them again.

In your case, if the emails were legitimate, they would have real words, not the gibberish above. It would seem that perhaps one or more of those subscriptions you may not keep was a spammer, and so ...
 
Devi said:
If it was me, I wouldn't worry about it. I get emails occasionally saying they've hacked into my computer and videoed me doing various things (there's no camera on my computer) and demand money or they'll release the videos to everyone I know. I just input wording from these emails into my server's spam blocker so I don't see them again.

In your case, if the emails were legitimate, they would have real words, not the gibberish above. It would seem that perhaps one or more of those subscriptions you may not keep was a spammer, and so ...
Click to expand...
Strange thing is they didn't come in as emails...they were in my documents folder. I'm not worried, just annoyed. I'm going to have to see if your solution works for me. Either that or contact Google about it. Apparently Google doesn't realize your documents can be spammed since they don't provide a spam blocker for that app.
 

OneEyedDiva said:
Strange thing is they didn't come in as emails...they were in my documents folder. I'm not worried, just annoyed. I'm going to have to see if your solution works for me. Either that or contact Google about it. Apparently Google doesn't realize your documents can be spammed since they don't provide a spam blocker for that app.
Click to expand...
Okay. I don't know anything about Gmail, actually.
 
Sounds like someone somewhere generated a shareable link for their docs and plugged in your email address?
Obviously they were trying to exploit you somehow but I'm not sure how they could do that with google docs.
I think maybe they just contained links to phishing sites?
You did the right thing to just delete the stuff.

Here's a perhaps interesting link, but it's from Jan 2022 ...
Hackers are abusing Google Docs to bypass security protections

Another from Jan 2022 ...
Hackers are sending malicious links through Google Doc comment emails

I found those links and others (some more recent) with this DuckDuckGo (Google alternative) search ...
google docs exploit
 
You ever click email links from emails you think you're familiar with? Like I have a credit karma acct and they send me emails with a link to click to check my credit score but I am wary of doing that so I just go directly to the site and check it myself just in case.

Maybe you clicked on something that looked like a page or business you use but it was a copycat site.
 
Naturally said:
Sounds like someone somewhere generated a shareable link for their docs and plugged in your email address?
Obviously they were trying to exploit you somehow but I'm not sure how they could do that with google docs.
I think maybe they just contained links to phishing sites?
You did the right thing to just delete the stuff.

Here's a perhaps interesting link, but it's from Jan 2022 ...
Hackers are abusing Google Docs to bypass security protections

Another from Jan 2022 ...
Hackers are sending malicious links through Google Doc comment emails

I found those links and others (some more recent) with this DuckDuckGo (Google alternative) search ...
google docs exploit
Click to expand...
You are right about the share feature. It showed the documents were shared with at least one person. I didn't click on that either. But according to the articles, if I understand correctly, hackers gained access while commenting on the documents that the OP originated. However, I did not create any of those documents, so the share...edit....comments (allowed) feature was not authorized by me. The articles did let me know that Google is aware of the vulnerability. They need to do something to address that! Thank you for posting links to those articles.

@MarciKS Emails are a separate feature from Docs. See my post #3 and Naturally's post quoted above. You are wise not to click links within unsolicited emails.
@Devi If you have Microsoft Office...Docs would be similar, I think. You create and edit documents that can be downloaded as PDF files if need be.
 
MarciKS said:
You ever click email links from emails you think you're familiar with? Like I have a credit karma acct and they send me emails with a link to click to check my credit score but I am wary of doing that so I just go directly to the site and check it myself just in case.

Maybe you clicked on something that looked like a page or business you use but it was a copycat site.
Click to expand...
I never click on links in mails..ever.. even if they look like they come from a source I know..like my banks or even my own daughter. It's not worth that risk....

Div, I also have Gmil accounts.. and thus far not had anything like those in my documents...
 
MarciKS said:
You ever click email links from emails you think you're familiar with? Like I have a credit karma acct and they send me emails with a link to click to check my credit score but I am wary of doing that so I just go directly to the site and check it myself just in case.

Maybe you clicked on something that looked like a page or business you use but it was a copycat site.
Click to expand...
This is always wise. Tho usually just looking closely at 'from' email address makes it obvious it is scammer. Most businesses have their own '.com' or '.org' email scammers use their own ISP one usually and its a dead giveaway. They also often misspell the company name.
 
feywon said:
This is always wise. Tho usually just looking closely at 'from' email address makes it obvious it is scammer. Most businesses have their own '.com' or '.org' email scammers use their own ISP one usually and its a dead giveaway. They also often misspell the company name.
Click to expand...
Scammers are getting more sophisticated though Feywon. I've gotten emails from my banks warning to be careful and stating how genuine scam emails claiming to come from them can look. You're right though...upon further inspection, grammatical errors become obvious.

@hollydolly It's good that you haven't had that happen yet. Hope it stays that way.
 
feywon said:
This is always wise. Tho usually just looking closely at 'from' email address makes it obvious it is scammer. Most businesses have their own '.com' or '.org' email scammers use their own ISP one usually and its a dead giveaway. They also often misspell the company name.
Click to expand...
yes but they're getting better and better at not giving themselves away with misspellings etc... some are very clever indeed, giving the full addresses of the company's they supposedly represent, addressing us by name rather than ''dear customer'' which was always a give-away.. so it's imperative no-one clicks on a link or goes to a URL which is given in the mail..even copying it into your browser... instead always use the address you have always used to access whatever site it is.. and when in doubt, search for scams using that address.. or website.
 
hollydolly said:
yes but they're getting better and better at not giving themselves away with misspellings etc... some are very clever indeed, giving the full addresses of the company's the supposedly represent, addressing us by name rather than ''dear customer'' which was always a give-away.. so it's imperative no-one clicks on a link or goes to a URL which is given in the mail..even copying it into your browser... instead always use the address you have always used to access whatever site it is.. and when in doubt, search for scams using that address.. or website.
Click to expand...
You're right HD.
 
hollydolly said:
yes but they're getting better and better at not giving themselves away with misspellings etc... some are very clever indeed, giving the full addresses of the company's they supposedly represent, addressing us by name rather than ''dear customer'' which was always a give-away.. so it's imperative no-one clicks on a link or goes to a URL which is given in the mail..even copying it into your browser... instead always use the address you have always used to access whatever site it is.. and when in doubt, search for scams using that address.. or website.
Click to expand...
True, have to stay alert. And since most people bookmark the sites of businesses and banks they use, it makes sense to just go to the site your normal way.
 
OneEyedDiva said:
Strange thing is they didn't come in as emails...they were in my documents folder. I'm not worried, just annoyed. I'm going to have to see if your solution works for me. Either that or contact Google about it. Apparently Google doesn't realize your documents can be spammed since they don't provide a spam blocker for that app.
Click to expand...
Never heard of things showing up in the documents folder. Glad you're being careful!
 
feywon said:
Thing is, clearly a significant number of people fall for scams whether email or phone or it wouldn't be cost effective enough for them to keep running.
Click to expand...
that's so true. Aside from accidental clicking on links.. or people new to the internet there are millions of elderly suffering Dementia related diseases.. there's people who have various levels of mental health issues.. those alone could rake in millions... much less those of us with some semblance of sense , joining in..
 
Last edited:
OneEyedDiva said:
You are right about the share feature. It showed the documents were shared with at least one person. I didn't click on that either. But according to the articles, if I understand correctly, hackers gained access while commenting on the documents that the OP originated. However, I did not create any of those documents, so the share...edit....comments (allowed) feature was not authorized by me. The articles did let me know that Google is aware of the vulnerability. They need to do something to address that! Thank you for posting links to those articles.

@MarciKS Emails are a separate feature from Docs. See my post #3 and Naturally's post quoted above. You are wise not to click links within unsolicited emails.
@Devi If you have Microsoft Office...Docs would be similar, I think. You create and edit documents that can be downloaded as PDF files if need be.
Click to expand...
did you change your password? if not, i would recommend it immediately.
 
MarciKS said:
did you change your password? if not, i would recommend it immediately.
Click to expand...
Marci...no I have not done that yet and I'm usually on top of things like that ! Thank you for reminding me ❣️ And about "the cloud", for the longest, nobody could describe what it really is! That being said, you are not the only one leery about it.
 
You must log in or register to reply here.

Back
Top