Users under threat as phishing attack hits Gmail

Widespread Google Docs spam emails carry phishing attackMore

Widespread Google Docs spam emails carry phishing attackMore

But unlike traditional phishing attacks that try to coax personal details out of you with an official-looking imitation page, this cunning scam took you to a genuine Google login window. When you clicked to open the document, you'd be taken to an innocent-looking web page hosted by Google.

The malware is masquerading as an email from someone the user may know and invites them to review a Google Doc link. It gradually gained control of their whole email histories and stretched itself to all of their contacts.

Google said it had "disabled" the malicious accounts and pushed updates to all users, according to an NBC News report.

"The attack didn't directly try to steal usernames and passwords like a typical phishing scam but rather tricked users into allowing complete access to their email account", said the firm in a blog post.

If you think you were affected, log in to Gmail and revoke permission for Google Docs to access your account.

Members of the ITWC team received examples of this widespread phishing scam in their inbox on Wednesday.

In a similar attempt, a new Google Docs phishing scam has spread like a wildfire all across the internet.

Detroit Tigers' pitching turning tables on Cleveland Indians this season
Salazar may get some strikeouts on this Detroit lineup, but the Tigers have still been good at producing runs at home. Cleveland Indians ace Corey Kluber left a game Tuesday night against the Detroit Tigers because of back discomfort.

It's unclear how widespread the attack is, but reporters at publications including BuzzFeed, CNN, and Motherboard tweeted that they'd receiving the phishing email, as had many of their sources.

People on the internet are being tricked Wednesday by a sophisticated phishing scam created to gain access to Google accounts.

It took Google about an hour to shut the campaign down.

The emails come appear to come from a legitimate email address and provide a link that appears to be a legitimate Google address.

Clicking the link authorises the attack, and a user's account will then be hijacked and used as an infection vector, repeating the same behaviour to every contact a user has ever emailed.

To check if you have been victimized, go to Google App permission page and look for the app called "Google Docs".