Google details how it clamped down on massive phishing scam

The company shut down the attack, which masked itself as a Google Doc invitation, within an hour.

Lynn La
Lynn La Senior Editor / Reviews - Phones
Lynn La covers mobile reviews and news. She previously wrote for The Sacramento Bee, Macworld and The Global Post.
Watch this: Google shuts down a big security problem

The internet was a flurry Wednesday over a sophisticated phishing scam that was circulating around to Google users.

With the aim to steal access to users' accounts, the attack was masked as an invitation to open a Google Doc. Victims were asked to open a document, which would unknowingly grant permissions to their accounts. The scheme would then employ a technique called Open Authorization (OAuth) that used emails in a user's contact list to continue spreading itself. (Click here for CNET's full Google Doc phishing explained.)

In a statement on Friday, Google's Mark Risher said the company shut down the campaign within an hour. It removed the rogue app's fake pages and applications, updated user protection in Gmail and the Google Cloud Platform and "re-secured affected accounts." Risher noted that fewer than 0.1 percent of users were affected by the scam.

To avoid this situation in the future, Google is also updating how it will handle OAuth applications, its anti-spam systems and how it will deal with third-party apps that want to request user info.

Google didn't immediately respond to a request for comment.