Google Docs users were hit Wednesday with a clever phishing scam that handed the attackers access to victims’ accounts.

Google DocsAlthough Google has disabled the accounts responsible for the malicious e-mails, an unknown number of Docs users were impacted after clicking on what seemed to be a shared Google document.

The bogus e-mails were made to look like they were coming from people the victims knew. Those who did click the link appearing in the document unknowingly gave the sender access to their accounts and Google contact lists, enabling spammers to send out even more e-mails.

“We are investigating a phishing e-mail that appears as Google Docs,” Google said via Twitter. “We encourage you to not click through and report as phishing within Gmail.

“We have taken action to protect users against an e-mail impersonating Google Docs and have disabled offending accounts. We’ve removed the fake pages, pushed updates through Safe Browsing, and our abuse team is working to prevent this kind of spoofing from happening again. We encourage users to report phishing e-mails in Gmail.”

Google did not say who was responsible for the phishing attack.

Anyone who believes they were affected, should visit  find the Google Docs app and remove all permissions.

As Twitter user Zach Latta pointed out, the hackers will still have victims’ info on their servers but, now that Google has revoked the app, they no longer have account control.

Source: -