Google confirmed that a phishing campaign is targeting roughly 1 billion of their users by gaining control of the users entire email history and spreading itself to all of the users contacts, according to NBCnews.
The email getting send out looks as if it is from a reliable source and asks the user to click on an attached document. When the user clicks on the attached document, the link takes the user to your real Google security profile, where it will ask for permission to manage your account.
The worm that is sent out to the users email also will send itself out to all of the users contacts, Gmail or otherwise, according to NBCnews.
Google released on Twitter that they are aware and investigating this scam.
Google also released, that if you receive a Gmail message with the mailinator.com address as the main recipient, immediately report it as phishing by clicking the down arrow beside the reply button and selecting “Report phishing.” Then delete it.
If you do click on the malicious link, don’t grant permission when the fake Google Docs app asks for it.