Google on Wednesday said it had stopped a phishing scam that tried to trick people into clicking on a Google Docs link, reported AFP. “We have taken action to protect users against an email impersonating Google Docs, and have disabled offending accounts,” a Google spokesperson said.
The mail invited the user to click on a document shared on Google Docs. Doing this would take the users to a “legitimate” Google sign-in screen, reported The Guardian. Accessing this link granted a third-party app permission to access contacts and email.
Google said only the contact information of users was accessed in the phishing scam and no other data was exposed. “There is no further action users need to take regarding this event,” the statement said, adding that fewer than “0.1% users” had been affected by this – which is about one million of its users, reported BBC.
Security experts who reviewed the scam said the situation was serious as the malicious app could possibly also have access to users’ emails, contacts and online documents, Reuters reported.