A particularly nasty spam worm that looked like a Google Doc link spread around the internet on Wednesday.
Here’s what one of the emails looked like:
At least hundreds of thousands of people got emails purporting to be a Google Doc shared from a contact, but it turned out to be a scam. If someone clicked on the fake Google Doc, the bug would email itself to their entire contact book.
That’s how it went viral.
The worm ended up affecting fewer than 0.1% of Gmail users, a Google spokesperson told Business Insider in a statement on Thursday. Gmail has at least 1 billion monthly active users, so that suggests the worm could’ve affected as many as 1 million users.
Luckily, Google says that if you clicked on the Google Doc phishing link, you don’t need to do anything else right now to protect yourself. Google said it has disabled the offending worm, and I personally found that Gmail started marking the worm’s emails as spam.
Here’s Google’s full statement:
“We realize people are concerned about their Google accounts, and we’re now able to give a fuller explanation after further investigation. We have taken action to protect users against an email spam campaign impersonating Google Docs, which affected fewer than 0.1% of Gmail users. We protected users from this attack through a combination of automatic and manual actions, including removing the fake pages and applications, and pushing updates through Safe Browsing, Gmail, and other anti-abuse systems. We were able to stop the campaign within approximately one hour. While contact information was accessed and used by the campaign, our investigations show that no other data was exposed. There’s no further action users need to take regarding this event; users who want to review third party apps connected to their account can visit Google Security Checkup.”