There was a lot of buzz as many people received phishing emails disguised as invitations to open a Google Doc. By authorising it, users unwittingly gave access to their emails to attackers.
The size and scale of the attack was reminiscent of the viruses of days gone by, such as Melissa.
While Google has worked to close the flaw, it doesn't help those users that have clicked on the link.
If you have clicked on the link, then follow these steps:
1. Go to google account permissions page and remove access for the fake app https://myaccount.google.com/permissions
2. Change passwords on Google and any other site that may have been using the same password.
3. Enable two factor / two step verification (like needing an SMS code in order to log on).
Some are suggesting that given the similarities between this fresh phishing scam and the past activity of the DNC hackers, known as APT28, the Google phishers could be the allegedly Kremlin-backed crew. But to Jaime Blasco, chief scientist at security company AlienVault, that's unlikely: "I don't believe they are behind this though because this is way too widespread. Many people/organizations have received similar attempts so this is probably something massive and less targeted."