A massive phishing campaign Attack.Phishing targeting Google accounts ripped through the internet on Wednesday afternoon . Several people online across a range of industries said they received Attack.Phishing emails containing what looked like Attack.Phishing a link to a Google Doc that appeared to come from Attack.Phishing someone they know . These , however , were malicious emails designed to hijack their accounts . It 's unclear exactly how the attack works at the moment , but it does appear to be highly sophisticated . A Reddit user has a good breakdown of what happens exactly when you click on the Google Doc button . In a few words , when you click on the link , the login screen takes you to a genuine Google domain , but that domain asks you to grant access to an app called Google Docs that is not the real Google Docs . And the `` Google Docs '' app reads all your email and contacts , and then self-propagates by sending more emails . We 've also heard reports that Google Drive was down , and experienced the outage ourselves , but can not yet confirm if that is related to the attack . ( It 'd be a hell of a coincidence , although Drive appears to be working again . ) `` We have taken action to protect users against an email impersonating Google Docs , and have disabled offending accounts , '' Google said in a statement sent to Motherboard . `` We 've removed the fake pages , pushed Vulnerability-related.PatchVulnerability updates through Safe Browsing , and our abuse team is working to prevent this kind of spoofing Attack.Phishing from happening again . We encourage users to report phishing emails in Gmail . '' In a subsequent statement , Google said that the phishing campaign Attack.Phishing was halted `` within approximately an hour '' and that it `` affected fewer than 0.1 % of Gmail users . '' While that sounds low , considering that Gmail has around 1 billion users , that 's still around one million victims .

A massive phishing campaign Attack.Phishing took place today , but Google 's security staff was on hand and shut down the attacker 's efforts within an hour after users first reported the problem on Reddit . According to multiple reports on Twitter , the attacks Attack.Phishing first hit Attack.Phishing journalists , businesses , and universities , but later spread to many other users as well . The attack itself was quite clever if we can say so ourselves . Victims received Attack.Phishing a legitimate ( non-spoofed ) email from one of their friends , that asked them to click on a button to receive access to a Google Docs document . If users clicked the button , they were redirected to the real Google account selection screen , where a fake app titled Attack.Phishing `` Google Docs '' ( not the real one ) asked the user 's permission to authorize it to access the shared document . In reality , the app only wanted access to the user 's Gmail inbox and contact list . After gaining access Attack.Databreach to these details , the fake app copied the user 's contact list and sent Attack.Phishing a copy of itself to the new set of targets , spreading itself to more and more targets . The email was actually sent Attack.Phishing to `` hhhhhhhhhhhhhhhh @ mailinator.com , '' with the user 's email address added as BCC . Following the incident , Mailinator intervened and blocked any new emails from arriving into that inbox . Because of this self-replicating feature , the phishing attack Attack.Phishing spread like wildfire in a few minutes , just like the old Samy worm that devasted MySpace over a decade ago . Fortunately , one Google staff member was visting the /r/Google Reddit thread , and was able to spot a trending topic detailing the phishing campaign Attack.Phishing . The Google engineer forwarded the Reddit thread to the right person , and within an hour after users first complained about the issue , Google had already disabled the fake app 's ability to access the Google OAuth screen . Later on , as engineers had more time to investigate the issue , Google issued the following statement : We have taken action to protect users against an email impersonating Attack.Phishing Google Docs & have disabled offending accounts . We ’ ve removed the fake pages , pushed Vulnerability-related.PatchVulnerability updates through Safe Browsing , and our abuse team is working to prevent this kind of spoofing Attack.Phishing from happening again . We encourage users to report phishing emails in Gmail . There are no reports that malware was deployed in the phishing attack Attack.Phishing . Cloudflare was also quick to take down all the domains associated with the phishing attack Attack.Phishing . Users that clicked on the button inside the phishing email can go to the https : //myaccount.google.com/permissions page and see if they granted the app permission to access their account . The real Google Docs is n't listed in this section , as it does not need permissions , being an official Google property .