A sophisticated phishing scam disguising itself as a link to a Google Doc is currently making its way through email.
Those targeted by the scam will receive an email for a Google Doc invitation from a person they’ve messaged in the past. However, when the target tries to access the email, it spreads the scam to every person the target has ever messaged.
According to BuzzFeed technology reporter Joe Bernstein, the scam will not infect computers with malware, but it will leave your Google account open to hackers. Those who have fallen for the scam should change their passwords and revoke permission to the Google Docs app. Google users can revoke permission to the Google Docs app by going to myaccout.google.com/permissions and deleting any suspicious looking apps, including Google Docs.
It’s not clear who perpetrated the phishing scam, or the scale of the attack beyond credential hijacking.