An enormous phishing attack on a large scale has been dealt with by Google, today. You can call it a “phishing” scam because a random victim will be manipulated to provide access to your accounts when he or she is not aware of that. Another type of trick is to create a fake login page that can imitate the real one as much as possible.
According to the statement of Google, all the accounts linked with the scam have been disabled; in the meanwhile, to preclude such kinds of attack, the company also will bring out necessary precautions. Now, there is no likelihood that developers will let things named after other Google services word for word.
In case you are unfortunate to click on the link associated with today’s attack, Google will advise you to access myaccount.google.com/permissions to cancel the “Google Docs” app. You do not need to have separate authorization for Google Docs because it is included in Gmail by default.
It is said that you will receive an email that probably comes from your acquaintances to accept a Google Doc share request. When you click the link, you will be shifted to a Google-hosted page. Here, you still have to log into your Gmail account from another Google page. However, the third-party app you are taken to, is also called Google Docs. It will require your account’s permissions and you need to click “Allow” to open a can of worms. Then, all your contacts will be accessed.
It is hard to make sure that such kinds of attack will completely disappear in the future because a minority of people still would like to abuse it for their benefits. Thus, supposing that you receive app’ s requirements to access sensitive and important data such as your contact, your account or something like that, you have to proceed with the utmost caution.