(Reuters) — Alphabet Inc warned its users to beware of emails from known contacts asking them to click on a link to Google Docs after a large number of people turned to social media to complain that their accounts had been hacked.
“We are investigating a phishing email that appears as Google Docs,” the company Tweeted from its Google Docs account on Wednesday. “We encourage you to not click through and report as phishing within Gmail.”
Users are asked to click on a link to view a document, which provides the hackers access to the contents of their Google accounts, including email, contacts and online documents, according to security experts who reviewed the scheme.
“This is a very serious situation for anybody who is infected because the victims have their accounts controlled by a malicious party,” said Justin Cappos, a cyber security professor at NYU Tandon School of Engineering.
Cappos said he received seven of those malicious emails in three hours on Wednesday, an indication that the hackers were using an automated system to perpetuate the attacks.
He said he did not know the objective, but noted that compromised accounts could be used to reset passwords for online banking accounts or provide access to sensitive financial and personal data.
Google did not respond for requests to comment beyond its Tweet and other security experts said that victims should remove the hackers from their accounts as soon as possible.
“The point of the attack isn’t clear yet, but it could be a pre-cursor to some larger attack they’re planning,” said Matthew Gardiner, a security expert with email security firm Mimecast.
(Reporting by Alastair Sharp and Jim Finkle in Toronto; editing by Grant McCool)