A massive phishing campaign Attack.Phishing targeting Google accounts ripped through the internet on Wednesday afternoon . Several people online across a range of industries said they received Attack.Phishing emails containing what looked like Attack.Phishing a link to a Google Doc that appeared to come from Attack.Phishing someone they know . These , however , were malicious emails designed to hijack their accounts . It 's unclear exactly how the attack works at the moment , but it does appear to be highly sophisticated . A Reddit user has a good breakdown of what happens exactly when you click on the Google Doc button . In a few words , when you click on the link , the login screen takes you to a genuine Google domain , but that domain asks you to grant access to an app called Google Docs that is not the real Google Docs . And the `` Google Docs '' app reads all your email and contacts , and then self-propagates by sending more emails . We 've also heard reports that Google Drive was down , and experienced the outage ourselves , but can not yet confirm if that is related to the attack . ( It 'd be a hell of a coincidence , although Drive appears to be working again . ) `` We have taken action to protect users against an email impersonating Google Docs , and have disabled offending accounts , '' Google said in a statement sent to Motherboard . `` We 've removed the fake pages , pushed Vulnerability-related.PatchVulnerability updates through Safe Browsing , and our abuse team is working to prevent this kind of spoofing Attack.Phishing from happening again . We encourage users to report phishing emails in Gmail . '' In a subsequent statement , Google said that the phishing campaign Attack.Phishing was halted `` within approximately an hour '' and that it `` affected fewer than 0.1 % of Gmail users . '' While that sounds low , considering that Gmail has around 1 billion users , that 's still around one million victims .

A massive phishing campaign Attack.Phishing took place today , but Google 's security staff was on hand and shut down the attacker 's efforts within an hour after users first reported the problem on Reddit . According to multiple reports on Twitter , the attacks Attack.Phishing first hit Attack.Phishing journalists , businesses , and universities , but later spread to many other users as well . The attack itself was quite clever if we can say so ourselves . Victims received Attack.Phishing a legitimate ( non-spoofed ) email from one of their friends , that asked them to click on a button to receive access to a Google Docs document . If users clicked the button , they were redirected to the real Google account selection screen , where a fake app titled Attack.Phishing `` Google Docs '' ( not the real one ) asked the user 's permission to authorize it to access the shared document . In reality , the app only wanted access to the user 's Gmail inbox and contact list . After gaining access Attack.Databreach to these details , the fake app copied the user 's contact list and sent Attack.Phishing a copy of itself to the new set of targets , spreading itself to more and more targets . The email was actually sent Attack.Phishing to `` hhhhhhhhhhhhhhhh @ mailinator.com , '' with the user 's email address added as BCC . Following the incident , Mailinator intervened and blocked any new emails from arriving into that inbox . Because of this self-replicating feature , the phishing attack Attack.Phishing spread like wildfire in a few minutes , just like the old Samy worm that devasted MySpace over a decade ago . Fortunately , one Google staff member was visting the /r/Google Reddit thread , and was able to spot a trending topic detailing the phishing campaign Attack.Phishing . The Google engineer forwarded the Reddit thread to the right person , and within an hour after users first complained about the issue , Google had already disabled the fake app 's ability to access the Google OAuth screen . Later on , as engineers had more time to investigate the issue , Google issued the following statement : We have taken action to protect users against an email impersonating Attack.Phishing Google Docs & have disabled offending accounts . We ’ ve removed the fake pages , pushed Vulnerability-related.PatchVulnerability updates through Safe Browsing , and our abuse team is working to prevent this kind of spoofing Attack.Phishing from happening again . We encourage users to report phishing emails in Gmail . There are no reports that malware was deployed in the phishing attack Attack.Phishing . Cloudflare was also quick to take down all the domains associated with the phishing attack Attack.Phishing . Users that clicked on the button inside the phishing email can go to the https : //myaccount.google.com/permissions page and see if they granted the app permission to access their account . The real Google Docs is n't listed in this section , as it does not need permissions , being an official Google property .

Where there ’ s a will , there ’ s a way , and scammers are finding increasingly cunning ways to capitalise on the reach and popularity of the world ’ s global brands . This time PayPal is the target , according to Proofpoint . The company recently discovered a phishing email message which looked like Attack.Phishing a benign PayPal login , but in reality it was a “ very well crafted ” phishing webpage . The page is available in multiple languages , which makes it seem all the more legitimate and across many different regions . Behind the scenes , the phishing attack Attack.Phishing turned out to be complex and sophisticated , and Proofpoint says those are the real innovations . The phishing Attack.Phishing attempts feature embedded URLs that direct users to the fake PayPal login . This is done using a decommissioned PayPal service that allows a person to buy a gift card from a user . The phishing attack Attack.Phishing then starts with a ‘ reassuring welcome page ’ , Proofpoint says . Users are then asked to confirm the credit card information . After the phishing kit validates the card , it asks users to enter security information about the card , the link to their bank account and details and identification . Proofpoint says that the particular phishing kit shows how ‘ crimeware as a service ’ is rapidly advancing , and will become a more common technique . Proofpoint says it has notified PayPal of the phishing campaign Attack.Phishing and the findings

A new phishing campaign Attack.Phishing is using a fake iTunes receipt for movie purchases to compromise Apple users ' sensitive information . Fortinet researchers first spotted the phishing campaign Attack.Phishing over the weekend of 17 February . The attack Attack.Phishing begins when an Apple user receives Attack.Phishing a receipt that appears to have come from iTunes . In actuality , an email address based in Norway sent the message . The receipt lists purchases for a series of movies . These films ( which include `` Allied '' , `` Arrival '' , and `` Jack Reacher : Never Go Back '' ) debuted in theaters recently , which makes the ruse relevant and consequently more believable . This email is n't the first time phishers ( or smishers , for that matter ) have targeted Apple users . Users in the United Kingdom , Australia , and the United States have witnessed similar attacks over the past few years . This particular campaign targets Canadian users and seems to have improved upon earlier iterations of the scam . Of course , most users who receive the receipt will wonder why they 've been charged so much money for something they have n't purchased . Their attention will subsequently go to the link at the bottom of the email that claims they can obtain a full refund . But clicking on the link does n't help them in the slightest . As explained by Fortinet 's researchers : `` At the bottom of the receipt , there ’ s a link to request a “ full refund ” in case of an unauthorized transaction . Apple has no need for a user 's Social insurance number , which Canadians need to work for or to access government services , or their mother 's maiden name . But the phishers want their targets to overlook that fact and enter their details . Indeed , doing so would help the attackers assume control of their victim 's credit card and other financial information . This campaign , like so many others , demonstrates the importance of carefully reviewing suspicious emails . Users should look at the sending email address to see if it 's legitimate . If they come across an invoice or receipt for a credit card purchase , they should check their account history for such a transaction . If they do n't find anything , that means scammers are just trying to scare them into handing over their payment card details . Additionally , users might consider setting up transaction notifications on their payment cards . That way , if they have n't received an alert of a transaction , they 'll immediately know that an invoice such as the one above is a fake