A new phishing scam is spreading like wildfire, Google is taking action to stem the spread, but in the meantime, all users be warned. Users falling for this scam are unwittingly opening up their entire contact list to the scam, as they click the link continuing to spread it and infect unwarned users.
Here’s what you need to know —
- Clicking the link takes you to a real Google-Hosted page, with a list of your Google accounts ready to click
- It asks you to select an account and provide an app called “Google Docs”, yes, they somehow allowed a 3rd party to name an app “Google Docs” with account permissions
- As soon as you click the allow link/button, this not actually google docs app now has permission to read your emails and email all of your contacts, which it then uses to continue to spread the worm immediately to anyone you have ever emailed
This is perhaps one of the more sneaky worms yet released and looks very legit until you check the developer info and notice the discrepency. Stay safe and spread the word, not the worm.