targeting Google accounts ripped through the internet on Wednesday afternoon. Several people online across a range of industries said they received emails containing what looked like a link to a Google Doc that appeared to come from someone they know. These, however, were malicious emails designed to hijack their accounts. It's unclear exactly how the attack works at the moment, but it does appear to be highly sophisticated. A Reddit user has a good breakdown of what happens exactly when you click on the Google Doc button. In a few words, when you click on the link, the login screen takes you to a genuine Google domain, but that domain asks you to grant access to an app called Google Docs that is not the real Google Docs. And the "Google Docs" app reads all your email and contacts, and then self-propagates by sending more emails. We've also heard reports that Google Drive was down, and experienced the outage ourselves, but cannot yet confirm if that is related to the attack. (It'd be a hell of a coincidence, although Drive appears to be working again.) "We have taken action to protect users against an email impersonating Google Docs, and have disabled offending accounts," Google said in a statement sent to Motherboard. "We've removed the fake pages, pushed updates through Safe Browsing, and our abuse team is working to prevent this kind of spoofing from happening again. We encourage users to report phishing emails in Gmail." In a subsequent statement, Google said that the phishing campaign was halted "within approximately an hour" and that it "affected fewer than 0.1% of Gmail users." While that sounds low, considering that Gmail has around 1 billion users, that's still around one million victims.
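The consent-screen trick described above, a third-party app that borrows the name "Google Docs" and asks for mail and contacts access, can be caught by auditing OAuth grants. The following is an added example, not code from the article, the Reddit breakdown or Google; the grant record format, the client IDs, the allowlist and the mapping of "reads all your email and contacts" to these scope strings are assumptions.

```python
import unicodedata

# Assumed allowlist: product display names mapped to the client IDs an
# organisation has verified as genuine (constructed placeholder values).
TRUSTED_APPS = {"google docs": {"first-party-docs.example"}}

# Google OAuth scopes that grant mailbox or contact access.
SENSITIVE_SCOPES = {
    "https://mail.google.com/",
    "https://www.googleapis.com/auth/gmail.readonly",
    "https://www.googleapis.com/auth/contacts",
}

def normalize(name):
    """Fold case, compatibility forms and whitespace so look-alike names compare equal."""
    folded = unicodedata.normalize("NFKC", name).casefold()
    return " ".join(folded.split())

def audit_grant(grant):
    """Return findings for one OAuth grant record (dict in an assumed format)."""
    findings = []
    trusted_ids = TRUSTED_APPS.get(normalize(grant["display_name"]))
    verified = trusted_ids is not None and grant["client_id"] in trusted_ids
    # A trusted product name on an unverified client ID is the impersonation case.
    if trusted_ids is not None and not verified:
        findings.append("impersonates-trusted-name")
    # Mail or contacts access held by any unverified app is worth a review.
    if not verified and SENSITIVE_SCOPES.intersection(grant["scopes"]):
        findings.append("third-party-mail-or-contacts-access")
    return findings

# Constructed sample grants, not real audit data.
SAMPLE_GRANTS = [
    {"user": "alice", "display_name": "Google Docs",
     "client_id": "first-party-docs.example",
     "scopes": ["https://www.googleapis.com/auth/drive"]},
    {"user": "bob", "display_name": "Google Docs",
     "client_id": "unknown-app-1234.example",
     "scopes": ["https://mail.google.com/",
                "https://www.googleapis.com/auth/contacts"]},
    {"user": "carol", "display_name": "Calendar Helper",
     "client_id": "helper-5678.example",
     "scopes": ["https://www.googleapis.com/auth/calendar.readonly"]},
]

def audit_all(grants):
    """Map each user with at least one finding to that user's findings."""
    results = {g["user"]: audit_grant(g) for g in grants}
    return {user: found for user, found in results.items() if found}

if __name__ == "__main__":
    print(audit_all(SAMPLE_GRANTS))
```

The name check matters because the consent page is served from a genuine Google domain, so the URL alone gives the user nothing to distinguish the impostor from the real product.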
The attackers were able to redirect SMS messages used for two-factor authentication in order to approve money transfers. Earlier this year, hackers exploited vulnerabilities in the Signaling System No. 7 (SS7) protocols to sidestep two-factor authentication and steal funds from German victims' bank accounts, according to Germany's Suddeutsche Zeitung. The hackers stole bank login credentials via phishing emails that appeared to come from the victims' banks, then leveraged flaws in SS7 to redirect the SMS messages required to confirm funds transfers. "Criminals carried out an attack from a network of a foreign mobile network operator in the middle of January," a representative of Germany's O2 Telefonica said, according to Ars Technica. "The attack redirected incoming SMS messages for selected German customers to the attackers." Ars Technica notes that security researcher Karsten Nohl demonstrated the potential impact of the flaws in SS7 last year by recording calls and tracking the location of U.S. Rep. Ted Lieu. Earlier this week, Lieu tweeted, "I've been screaming for FCC & telecom industry to fix #SS7 security flaw. Perhaps bank losses will get them to act." "EVERYONE'S BANK ACCOUNT IS AT RISK until FCC and telecom industry fix the devastating #SS7 flaw," he added.