Users under threat as phishing attack hits Gmail

Inc. All rights reserved. This material may not be published broadcast rewritten or redistributed

Inc. All rights reserved. This material may not be published broadcast rewritten or redistributed

But unlike traditional phishing attacks that try to coax personal details out of you with an official-looking imitation page, this cunning scam took you to a genuine Google login window. When you clicked to open the document, you'd be taken to an innocent-looking web page hosted by Google.

The malware is masquerading as an email from someone the user may know and invites them to review a Google Doc link. It gradually gained control of their whole email histories and stretched itself to all of their contacts.

Google said it had "disabled" the malicious accounts and pushed updates to all users, according to an NBC News report.

"The attack didn't directly try to steal usernames and passwords like a typical phishing scam but rather tricked users into allowing complete access to their email account", said the firm in a blog post.

If you think you were affected, log in to Gmail and revoke permission for Google Docs to access your account.

Members of the ITWC team received examples of this widespread phishing scam in their inbox on Wednesday.

In a similar attempt, a new Google Docs phishing scam has spread like a wildfire all across the internet.

Trump's climate stance casts shadow over Arctic meeting
Secretary of State Rex Tillerson will lead the session, but he won't have many answers for his fellow foreign ministers. The Obama administration had emphasized climate change and scientific research during the two-year USA chairmanship.

It's unclear how widespread the attack is, but reporters at publications including BuzzFeed, CNN, and Motherboard tweeted that they'd receiving the phishing email, as had many of their sources.

People on the internet are being tricked Wednesday by a sophisticated phishing scam created to gain access to Google accounts.

It took Google about an hour to shut the campaign down.

The emails come appear to come from a legitimate email address and provide a link that appears to be a legitimate Google address.

Clicking the link authorises the attack, and a user's account will then be hijacked and used as an infection vector, repeating the same behaviour to every contact a user has ever emailed.

To check if you have been victimized, go to Google App permission page and look for the app called "Google Docs".