So I was minding my own business in my humble abode when I receive an email. A quick look at my phone’s notification bar tells me that it was from the admissions counselor (, let’s call her Daisy,) of a college that had accepted me. I wasn’t at all surprised because the decision day for that college had just passed and I hadn’t shared mine at all.
The email said “Daisy has shared a document with you.” And had a button that said:
Like a dumbass, I clicked on it. I did wonder why she’d share a document with me and I did, kinda, wonder why it didn’t look like the average Google Doc invitation, but I was on my phone and I chose to overlook it.
Then I land on a page that asks me if I want Google Drive to have access to my email account. It asked for permissions like “Edit, delete and create emails.” I was certain, by this point, that something was not right. And I just allowed it. You know why? Cause the goddamned address bar clearly showed that I was still on Google and still on https. I was redirected and then it appeared to be completing a request and loading something and after waiting for a few minutes, I realized what I had done.
Now I noticed another weird email, and it said “Anas Khan has shared a document with you.” That was it. Now I realized what those permissions were for. I checked the sent mail and realized that this shit had forwarded itself to “firstname.lastname@example.org” and that email was BCC’d to virtually every email address that I had ever communicated with.
Well, kinda screwed up. But I have to say this: It was a clever scam.