Last week, nearly 1 million Gmail users have been targeted in a phishing scam. Cybercriminals sent emails that appeared to come from Google and that claimed that someone wanted to share a Google Docs document with the recipient.
Large numbers of users received the malicious invitation. When users clicked the link in the mail they were directed to a real login screen of Google. On this screen they were asked whether the web app ‘Google Docs’ should be allowed to access their Google account. If the user gave permission, the criminals gained access to the user’s contacts and all these contacts then also received the phishing mail.
Google quickly took measures, the malcious web app was removed together with the accounts from which the attack was started. The search giant claims to have stopped the attack in about an hour and that less than 0.1 of the Gmail users received the phishing mail.
The cybercriminals also didn’t get any other data than the contact information used to sent the phishing mails.