Highly effective Gmail phishing scam causes alarm for IT pros worldwide

A recent Gmail phishing scam took the world by storm and compromised several Google accounts.

The scam started like any phishing attempt does, with a simple email.

But the email appeared to come from someone close to the recipient, such as a work colleague or family member.

That was just one reason the scam was so successful in tricking users.

Phishing attack spread like wildfire

In the email, the sender referenced a Google Doc shared with the target.

It looked like a flawless replica of a Google Doc’s notification, enough that it confused even tech pros.

When the intended victim clicked the link, which was supposed to open a preview of the document, they were instead prompted to allow Google Docs access to their email and contacts list.

Anyone who was confused by this deviation from the norm and checked the URL would see it said accounts.google.com, so it even appeared legit.

But once access was allowed, the scam was complete, and it would send an automatically generated email to that user’s contacts list.

Anyone in their Gmail contacts would receive a similar email stating so-and-so shared a document.

It was the self-replicating and automatic nature of the attack that made it so dangerous.

Google was notified of the scam and within an hour had completely shut it down.

It launched an investigation, but so far hasn’t turned up any damages or malware that was pushed through.

All domains associated with the attack were blocked, but the rate at which the attack spread caused alarm.

To see whether a user has granted access to a malicious app, check https://myaccount.google.com/permissions for a complete list of the apps that user has allowed.
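
The same review can be run in bulk over a list of app grants. The Python below is an added example, not part of the original article: it flags grants that match the pattern described above, an app carrying a Google product name that holds both mail and contacts access. The record fields (`user`, `app_name`, `first_party`, `scopes`), the name list and the sample records are constructed assumptions, not an actual Google export format.

```python
import unicodedata

G = "https://www.googleapis.com/auth/"
# Scopes covering the access this scam asked for: mail and contacts.
MAIL_SCOPES = {"https://mail.google.com/", G + "gmail.modify", G + "gmail.send"}
CONTACT_SCOPES = {G + "contacts", G + "contacts.readonly"}
# Product names a third-party app should not carry as its display name (assumed list).
GOOGLE_NAMES = {"google docs", "google drive", "gmail", "google"}


def normalize(name):
    """Fold case, Unicode compatibility forms and extra whitespace before comparing."""
    folded = unicodedata.normalize("NFKC", name).casefold()
    return " ".join(folded.split())


def review_grant(grant):
    """Return the reasons a grant deserves a closer look (empty list if none)."""
    reasons = []
    scopes = set(grant["scopes"])
    if not grant["first_party"] and normalize(grant["app_name"]) in GOOGLE_NAMES:
        reasons.append("third-party app uses a Google product name")
    if scopes & MAIL_SCOPES and scopes & CONTACT_SCOPES:
        reasons.append("can access both mail and contacts")
    return reasons


def triage(grants):
    """Map user -> [(app_name, reasons)] for every grant with at least one reason."""
    flagged = {}
    for g in grants:
        reasons = review_grant(g)
        if reasons:
            flagged.setdefault(g["user"], []).append((g["app_name"], reasons))
    return flagged


# Constructed sample records; `first_party` is assumed to be set by the exporter.
SAMPLE_GRANTS = [
    {"user": "alice@example.com", "app_name": "Google Docs", "first_party": False,
     "scopes": ["https://mail.google.com/", G + "contacts"]},
    {"user": "alice@example.com", "app_name": "Calendar Sync Tool", "first_party": False,
     "scopes": [G + "calendar.readonly"]},
    {"user": "bob@example.com", "app_name": "Mail Merge Helper", "first_party": False,
     "scopes": [G + "gmail.send", G + "contacts.readonly"]},
]

if __name__ == "__main__":
    for user, hits in triage(SAMPLE_GRANTS).items():
        print(user, hits)
```

A grant flagged only for combined mail and contacts access may be legitimate; the name check is what separates an impersonating app from an ordinary mail tool.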

