The malicious scam became widespread yesterday
Yesterday was not a great day for big tech companies. WhatsApp faced a 2-hour outage and Google had to issue a warning to Google Docs users. This warning came after a sophisticated phishing attack was identified.
We are investigating a phishing email that appears as Google Docs. We encourage you to not click through, & report as phishing within Gmail.— Gmail (@gmail) May 3, 2017
The attack sends a Gmail user an emailed invitation from someone they may know. This user is then taken to a legitimate Google sign-in screen and asked to "Continue to Google Docs". By clicking through at this stage, the user has given permission to a malicious third party app to access their Gmail account.
This is deemed to be a sophisticated scheme as it does not simply take users to a fake Google page to steal your password. It uses Google's infrastructure and simply abuses the fact that it is possible to create a web app with a misleading name. In this instance, the scammers use Google Docs.
While Google now says it has resolved this issue, the company is still urging users to report any phishing emails they may receive.
"We have taken action to protect users against an email impersonating Google Docs, and have disabled offending accounts,” Google said in a statement. “We’ve removed the fake pages, pushed updates through Safe Browsing, and our abuse team is working to prevent this kind of spoofing from happening again. We encourage users to report phishing emails in Gmail."
These systems are becoming more sophisticated but there are a few simple things you can do to ensure you and your data stay safe.