Alphabet Inc warned its users to beware of emails from known contacts asking them to click on a link to Google Docs after a large number of people turned to social media to complain that their accounts had been hacked.
Google said on Wednesday that it had taken steps to protect users from the attacks by disabling offending accounts and removing malicious pages.
“Our abuse team is working to prevent this kind of spoofing from happening again,” the company said in an email to Reuters.
The malicious emails asked victims to click to view a file created with Google Docs. Anybody who did that unknowingly granted hackers access to their Google account data including emails, contacts and online documents, according to security experts who reviewed the scheme.
“This is a very serious situation for anybody who is infected because the victims have their accounts controlled by a malicious party,” said Justin Cappos, a cyber security professor at NYU Tandon School of Engineering.
Cappos said he received seven of those malicious emails in three hours on Wednesday afternoon, an indication that the hackers were using an automated system to perpetuate the attacks.
He said he did not know the objective, but noted that compromised accounts could be used to reset passwords for online banking accounts or provide access to sensitive financial and personal data.
(Reporting by Alastair Sharp and Jim Finkle in Toronto; editing by Grant McCool)