A malicious email is spreading through the internet like wildfire and it includes an invitation to view a Google Doc.
Users are asked to click on the link, which ultimately gives the hackers behind the attack access to the contents of their Google accounts, including email, contacts and documents, Daily Mail reports.
Not only are victims' accounts controlled by a malicious party, but if users follow the instructions, the same email is sent to anyone they have ever emailed and their contacts.
The scam seems to have surfaced sometime yesterday afternoon and appeared to first target journalists - BuzzFeed, Hearst, New York Magazine and Gizmodo reported receiving the infected email.
However, looking at one of the emails shared by Joe Berstein from Buzzfeed, it is clear something is just not right.
The malicious emails appeared to be addressed to "hhhhhhhhhhhhhhhh@mailinator.com" with recipients BCCed.
Victims have noted that the email sender may be someone they know or who is one of their contacts.
Users are asked to click on a link to view a document, which provides the hackers access to the contents of their Google accounts, including email, contacts and online documents, according to security experts who reviewed the scheme.
Clicking the malicious link takes users to a real Google-hosted page that presents them with a list of their accounts, TechCrunch reported.
The page asks users to select one of their accounts and provide an app called "Google Docs".
Once you press "allow", the Google Docs app, which was developed by the cyber trouble makers, can sift through your emails and contacts, allowing it to continue the infected chain-mail.
- Daily Mail