There are two reasons why this thing is so tricky. For one, it looks legit: An invitation to view a Google Document appears to come from an existing contact. But when a person clicks on the link, the attack immediately replicates itself—meaning, it has the potential to spam all of that person’s contacts with the same message. The second reason it’s so tricky is that it’s unclear what the attack is attempting to do. Phishing is often a way for bad actors to gain unauthorized access to a person’s email or other private accounts, but it’s not yet clear what’s motivating this attack.

I received this about 30 minutes ago. I didn’t open it.