An incredibly fast-moving phishing attack started hitting Gmail inboxes Wednesday.
Victims—who at first seemed to be journalists—receive what looks like an invitation from a known contact to view a Google Doc; the invitation instead replicates the attack to their address books, according to The Atlantic.
Clicking the link lets the attacker read, send and delete emails on a victim’s behalf without having login details, Recode reported. Two-factor authentication or changing a password doesn’t disable the attack; instead, users have to remove what looks like a Google Doc app from their account management pages. (Here’s Google’s recommended security check.)
The attack didn’t affect the real Google Docs program; it merely spoofed it. Google said it will be taking steps to prevent such trickery in the future and it also disabled the accounts associated with this specific attack.
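The cleanup step described above (removing an app that only looks like Google Docs) can be turned into a review of an account's connected apps. The following is an added example, not part of the original article: it flags third-party app grants that borrow a Google product name and hold mail access. The record layout, client IDs and approved list are constructed for illustration; the scope strings are Gmail API scopes.

```python
import unicodedata

# Gmail API scopes that allow reading, sending or deleting mail.
MAIL_SCOPES = {
    "https://mail.google.com/",
    "https://www.googleapis.com/auth/gmail.modify",
    "https://www.googleapis.com/auth/gmail.send",
    "https://www.googleapis.com/auth/gmail.readonly",
}
# Product names a third-party app should not be using as its own name.
BRAND_TOKENS = ("googledocs", "googledrive", "gmail")

def normalise(name):
    """Fold case and compatibility forms; drop spaces and invisible characters."""
    folded = unicodedata.normalize("NFKC", name).casefold()
    return "".join(ch for ch in folded if ch.isalnum())

def suspicious_grants(grants, approved_client_ids):
    """Return (display_name, client_id, mail_scopes) for grants worth revoking."""
    flagged = []
    for grant in grants:
        if grant["client_id"] in approved_client_ids:
            continue  # explicitly approved by the account owner or admin
        name = normalise(grant["display_name"])
        mail = sorted(set(grant["scopes"]) & MAIL_SCOPES)
        if mail and any(token in name for token in BRAND_TOKENS):
            flagged.append((grant["display_name"], grant["client_id"], mail))
    return flagged

# Constructed sample data (hypothetical record layout and client IDs).
SAMPLE_GRANTS = [
    {"display_name": "Google Docs", "client_id": "constructed-0001",
     "scopes": ["https://mail.google.com/",
                "https://www.googleapis.com/auth/contacts"]},
    {"display_name": "Calendar Helper", "client_id": "constructed-0002",
     "scopes": ["https://www.googleapis.com/auth/calendar"]},
    {"display_name": "Sync for Google Docs", "client_id": "constructed-approved-0003",
     "scopes": ["https://www.googleapis.com/auth/gmail.send"]},
    {"display_name": "\uff27oogle\u200b Docs", "client_id": "constructed-0004",
     "scopes": ["https://www.googleapis.com/auth/gmail.send",
                "https://www.googleapis.com/auth/gmail.readonly"]},
    {"display_name": "Mail Merge Tool", "client_id": "constructed-0005",
     "scopes": ["https://www.googleapis.com/auth/gmail.send"]},
]
APPROVED = {"constructed-approved-0003"}

if __name__ == "__main__":
    for name, client_id, scopes in suspicious_grants(SAMPLE_GRANTS, APPROVED):
        print(f"REVIEW {name!r} ({client_id}): {', '.join(scopes)}")
```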