A massive phishing scheme disguised as Google Docs just hijacked Gmail

Don't click on that Google Doc unless you know what it is.
Google Docs Gmail Hack
Google is aware of the issue and has taken actions to fix it, which include flagging offending emails with this red alert. Still, be careful clicking on any unfamiliar shared Google Docs. PopSci Staff

If you noticed some weird Google Docs shares in your Gmail inbox today, you’re not alone. In fact, you were the target of a large-scale phishing attack.

The email looks like a typical shared Google Doc invitation. But, once you click “allow,” you’re granting account access to a malicious app masquerading as “Google Docs.” The app then forwards the message through your email address to all of your contacts. Google is reporting that the exploit has been disabled, but it’s still unclear how far it has spread and what the total effects are.

You can find more information in this massive Reddit thread about the attack, including a method for buttoning up your account if you have already clicked on it (basically, you have to revoke access to the phony “Google Docs” app). A Google employee commented on the thread and escalated the issue so it could be fixed.
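For administrators who want to check for this kind of rogue app, the following added example (not from the article, Google, or the Reddit thread) audits a list of third-party app grants and flags any app that uses a first-party product name without being on a first-party allowlist, or that can both send mail and read contacts. The record fields, client IDs, and allowlist are assumptions made for illustration.

```python
import unicodedata

# Assumption: product names the organisation treats as first-party brands.
PROTECTED_NAMES = {"google docs", "google drive", "gmail"}
# Assumption: placeholder client IDs of genuinely first-party apps.
FIRST_PARTY_CLIENT_IDS = {"first-party-docs.example"}
# Google OAuth scopes that allow sending mail and reading contacts.
MAIL_SCOPES = {"https://mail.google.com/", "https://www.googleapis.com/auth/gmail.send"}
CONTACT_SCOPES = {"https://www.googleapis.com/auth/contacts",
                  "https://www.googleapis.com/auth/contacts.readonly"}

def normalize(name):
    """Fold case, Unicode compatibility forms and whitespace so look-alike names compare equal."""
    folded = unicodedata.normalize("NFKC", name).casefold()
    return " ".join(folded.split())

def audit_grants(grants):
    """Return (user, client_id, reasons) for each grant that should be reviewed or revoked."""
    findings = []
    for g in grants:
        reasons = []
        scopes = set(g["scopes"])
        first_party = g["client_id"] in FIRST_PARTY_CLIENT_IDS
        if normalize(g["display_name"]) in PROTECTED_NAMES and not first_party:
            reasons.append("impersonates first-party name")
        if not first_party and scopes & MAIL_SCOPES and scopes & CONTACT_SCOPES:
            reasons.append("can read contacts and send mail")
        if reasons:
            findings.append((g["user"], g["client_id"], reasons))
    return findings

# Constructed sample records; the field names are hypothetical.
SAMPLE_GRANTS = [
    {"user": "alice@example.com", "client_id": "first-party-docs.example",
     "display_name": "Google Docs", "scopes": ["https://www.googleapis.com/auth/drive"]},
    {"user": "bob@example.com", "client_id": "unknown-app-1.example", "display_name": "Google Docs",
     "scopes": ["https://mail.google.com/", "https://www.googleapis.com/auth/contacts"]},
    {"user": "carol@example.com", "client_id": "unknown-app-2.example",
     "display_name": "\uff27oogle  Docs", "scopes": ["https://www.googleapis.com/auth/drive.readonly"]},
    {"user": "dave@example.com", "client_id": "calendar-sync.example", "display_name": "Calendar Sync",
     "scopes": ["https://www.googleapis.com/auth/calendar.readonly"]},
]

if __name__ == "__main__":
    for user, client_id, reasons in audit_grants(SAMPLE_GRANTS):
        print(f"{user}: review {client_id} ({'; '.join(reasons)})")
```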

It’s unclear what the endgame is for a scheme like this, but it’s a nice reminder that you should follow some basic safety and security guidelines to keep your email secure. Worth noting: Two-step authentication doesn’t prevent this phishing message from spreading.

Be careful out there.