Organizations that use Google for email, as well as thousands of personal Gmail customers, are reporting a scam that starts with an email from a known contact, which says that the person has shared a Google Doc. Recipients are asked to click the link to open, which redirects them to a legitimate Google sign-in page, where they’re prompted to select one of their Google accounts, and then to authorize a legitimate-looking app called “Google Docs” to manage emails. Once the app has permission to manage email, it secretly sends emails to all contacts, with the same phishing link. Personal and business email accounts are commonly used as the recovery email on a number of digital accounts, which means that hackers could get control of Apple, Amazon, Facebook, Twitter or personal Google accounts. Anything linked to a compromised Gmail account is potentially at risk. “We have taken action to protect users against an email impersonating Google Docs, and have disabled offending accounts,” Google said in a statement.
By Byron Acohido