There is a new phishing scam where you may receive a Google document from a known contact. It requires you to log in and allow it to control your contacts which gives the hack control of your Google email account which in turn further propagates the scam.
The bad documents are very hard to detect, so it is best to get confirmation from the sender before opening it.
Here is an article on the issue which shows example images.
As the article notes:
To protect yourself, the most obvious thing to do is to delete any email about a shared Google Doc, unless you can personally verify with the sender that it’s not a phishing email. If you already clicked on the link, you should set up two-factor authentication, using a cell phone number, on any critically important account