Google users are under attack by a big phishing scam that is spreading fast.
Affecting Google users using Gmail and Google Docs. they were receiving links from a people they know. When users click on the link to open the file, they were then directed to a page where they need to grant access to an app that looks exactly like Google Docs.
The program looks authentic enough other than all the permissions it requires.
This is actually a program that was made to send spam emails to everyone in users' inbox. Once users have clicked on "Allow" in Google Docs prompt, they've been compromised. It then self-replicates by sending itself to all of the users' own contacts.
The program is sophisticated enough to bypass Google's two-factor authentication and login alerts. Because Google Docs has access to users' email, attackers have the chance to extract any information stored inside messages. This can include access to other accounts registered using Gmail and other privacy-related emails.
Google took the case quickly and disabled the links, but that after the scam has spread to hundreds or thousands of users. The tech giant confirmed on Reddit, saying that it has blocked the phishing attack by disabling the fake app's ID.