As you may have heard, an email worm disguised as a Google Docs request propagating across the Internet. Some of our customers may have received this email directly from Zendesk employees or found it in their Zendesk account tickets. The email asks you to grant OAuth permissions to a malicious app. If you click the email link and grant the permissions, your contact list is crawled and the phishing email is sent to all of your contacts.
What We're Doing
Our InfoSec and IT teams immediately began taking proactive steps to prevent further spread of the threat. Additionally, Google briefly brought down their Google Drive service to address the situation.
What You Should Do
If you receive an email stating that someone has shared a Google Doc with you but you are asked to grant access to your email and contacts in order to view it, please do not do so and validate with the sender that the document is legitimate.
Example of Malicious App Requesting Access to Your Email and Contacts
If you think your Google account may have been compromised, please go to https://myaccount.google.com/permissions and confirm the malicious "Google Docs" app doesn’t appear in your list of permissions. This revokes the attacker's OAuth access to your Google account. The actual Google Drive service is not included on the permission list, so your access to real documents in Google Drive will not be affected by removal of this malicious app.
More information can be found in this article from NBC News.
We know this has been a distracting inconvenience for you and your business, as it has been for ours. Please let us know if there is anything we can do to help or if you have any questions by emailing us at firstname.lastname@example.org or calling 1-888-670-4887.