As for Wednesday's hack, Google say sit has taken actions to disable offending accounts and made updates to its Safe Browsing system. We encourage you to not click through & report as phishing within Gmail. We'll keep an eye on the situation and report on any further developments. "The subject line reads "[someone in your contacts] just shared a Google Doc with you", in the same way legitimate Google emails appear when Google Docs are sent between users. They are in fact malicious files meant to hijack recipients' accounts - and Google advises its users not to open them.
Users who clicked a link and followed instructions, risked sending the email on to everyone in their address box. Invite recipients are BCC'd in the email.
Luckily, Google says that if you clicked on the Google Doc phishing link, you don't need to do anything else right now to protect yourself.
While it may appear that the email is coming from someone you know, it isn't.
The search giant will now redirect users to different page when people click on malicious Docs link.
Find out if your account has sent any spam emails by clicking on your "sent" folder, and if so, follow them up with real messages advising your contacts not to open the messages.
On Wednesday mid-afternoon, several agencies, businesses and schools in the area posted not to open the Google Doc email sent from their department's accounts; they said it was a virus.
San Diego State University security officials sent an internal email that says, "The university is now under a mass phishing attack".
The anti-phishing security check means users will be shown a warning when clicking on a suspicious link in an email.
If you see a "Google Docs" app in your permissions, this is the malicious app. If any app ever requests permission to access sensitive information like your contacts, you should proceed with caution.
If you think you were taken in by the scam, head over to Google's security page, and remove any connected apps that looks fishy or phishy.