Many Gmail accounts attacked by fake Google Docs

If you receive a Google Docs file sharing email today, it's best not to click, even if it's from an acquaintance.

This sophisticated, hard-to-recognize phishing scam appeared across Gmail accounts on Wednesday. The email comes from someone you know and takes the user to a real Google login screen, which asks them to continue to the Google Docs file. When you access this third-party website (called Google Docs), your email and contacts fall into the attackers' hands. If you clicked on the link, your account may have sent spam to other people in your contact list.


If you've been affected and see that an email was sent to a friend, send another email to warn them. Don't forget to email the friends who sent you the spam emails and tell them their Gmail has been hacked.

One difference between this attack and other phishing emails is that it doesn't send users to fake Google pages to steal passwords. It works inside Google's own system, taking advantage of one thing: anyone can create a non-Google web application with a name everyone is familiar with, Google Docs. If you take care to check the developer information, you'll see something like the image below.


This attack bypasses two-factor authentication and login alerts. Once access is granted, the attacker can get any information from the email account, and can even use it to get the password for other services by sending an email asking for a password change.
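A defender can look for this pattern in the list of third-party apps that users have authorized. The following is an added example, not code from the original article or from Google: it flags grants where a trusted product name appears on an unverified client ID together with mail or contacts scopes. The record layout, the `VERIFIED_CLIENT_IDS` allowlist and all sample values are assumptions constructed for illustration.

```python
import unicodedata

# Scopes covering what the article says was exposed: mail and contacts.
SENSITIVE_SCOPES = {
    "https://mail.google.com/",
    "https://www.googleapis.com/auth/contacts",
}
# Product names a user is likely to trust on a consent screen.
TRUSTED_NAMES = {"google docs", "google drive", "gmail"}
# Assumption: client IDs your organisation has verified (placeholder value).
VERIFIED_CLIENT_IDS = {"verified-client.example"}

def normalize(name):
    """Fold case, Unicode compatibility forms and spacing before comparing names."""
    folded = unicodedata.normalize("NFKC", name).casefold()
    return " ".join(folded.split())

def review_grant(grant):
    """Return (verdict, reasons) for one OAuth grant record."""
    if grant["client_id"] in VERIFIED_CLIENT_IDS:
        return "ok", []
    reasons = []
    impersonates = normalize(grant["app_name"]) in TRUSTED_NAMES
    if impersonates:
        reasons.append("trusted product name on an unverified client ID")
    exposed = sorted(SENSITIVE_SCOPES & set(grant["scopes"]))
    if exposed:
        reasons.append("sensitive scopes: " + ", ".join(exposed))
    if impersonates and exposed:
        return "revoke", reasons
    return ("review" if reasons else "ok"), reasons

# Constructed sample records in a hypothetical export format (not real data).
SAMPLE_GRANTS = [
    {"user": "alice@example.com", "app_name": "Google Docs",
     "client_id": "unknown-1.example",
     "scopes": ["https://mail.google.com/",
                "https://www.googleapis.com/auth/contacts"]},
    {"user": "bob@example.com", "app_name": "\uff27oogle  docs",  # fullwidth G
     "client_id": "unknown-2.example", "scopes": ["https://mail.google.com/"]},
    {"user": "carol@example.com", "app_name": "Google Docs",
     "client_id": "verified-client.example", "scopes": ["https://mail.google.com/"]},
    {"user": "dave@example.com", "app_name": "Mail Merge Helper",
     "client_id": "unknown-3.example", "scopes": ["https://mail.google.com/"]},
]

if __name__ == "__main__":
    for g in SAMPLE_GRANTS:
        print(g["user"], *review_grant(g))
```

Because an authorized app keeps its access without any further login, a password change alone does not undo a "revoke" verdict; the grant itself has to be removed.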

The official announcement from Google Docs said it handled the situation

Google's latest announcement said it had taken measures to prevent the attack from spreading and solved the problem by blocking the fake app's ID. However, Google does not yet have a long-term solution for this type of scam.

We acted to protect users from emails impersonating Google and disabled accounts. We have removed fake pages and forced updates through Safe Browsing. Our team is working to prevent this type of attack from happening again. We encourage users to report phishing emails in Gmail.
