Gmail and Google customers were recently hit with a very realistic looking phishing attack

users would be sent an email that looked like this but the actual docs link was fake.

If you clicked on it or opened it, your Google login would popup asking for users grant the fake Docs app the ability to
“read, send, delete and manage your email”. As well as “Manage your contacts”

This is a bit different then other phishing attacks as it’s difficult to spot that it’s a fake and it works through the Google ecosystem.

Google has shut down the attack but it’s possible that these emails could still be in your system.

The main way to spot is that the senders email tends to be a lot of “h”‘s with otehr users CC’d or BCC’d

To check if you have been a victim of this, you will need to go to your google settings and remove the permissions if you granted them

Start by going to : https://myaccount.google.com/permissions

hold down “CTRL” then press “F” for FIND.
Search for DOCS
remove the permission of this ‘fake app’ to your email and contacts list

If you are a victim of this, be sure to change your Google password ASAP

It’s a good idea to change your passwords regularly either way..