A sophisticated identity phishing campaign hit Google's roughly 1 billion Gmail users worldwide on Tuesday. The attack sent a Gmail user an emailed invitation from someone they may know. This user is then taken to a legitimate Google sign-in screen and asked to "Continue to Google Docs". By clicking through at this stage, the user has given permission to a malicious third party app to access their Gmail account.
Google has confirmed it has now fixed the phishing attack. said a Google spokesperson. “We’ve removed the fake pages, pushed updates through Safe Browsing, and our abuse team is working to prevent this kind of spoofing from happening again.”