The scam claimed to come from Google Docs, with the subject line claiming a contact has 'shared a document on Google Docs with you'. It invited people to click a link and follow instructions in order to edit a Google Doc.
Those who clicked the link were taken to a Google-hosted page, and asked to allow a service to access their email account data. If they granted permission, they will have allowed hackers to potentially access their email account, contacts and online documents. It then emailed everyone in their contacts list with the same message.
What can you do?
Google said it had caught the attack and put a stop to it within an hour, but anyone who clicked on it during this time may have exposed their details. It said in a statement: "While contact information was accessed and used by the campaign, our investigations show that no other data was exposed."
"We have taken action to protect users against an email impersonating Google Docs, and have disabled offending accounts. We've removed the fake pages, pushed updates through Safe Browsing, and our abuse team is working to prevent this kind of spoofing from happening again."
It added: "There's no further action users need to take regarding this event; users who want to review third party apps connected to their account can visit Google Security Checkup." This is worth doing if you concerned you may have been affected.
You can also go to https://myaccount.google.com/permissions and see if "Google Docs" is listed as having access to your Google account. If it's there, it's the fake (the real one won't appear on this list). Select it, and click 'remove'.
Why this is a worry
Security experts say this represents a sophisticated development of the phishing scam, because instead of getting people to hand over their personal details, the scammers built an app that used Google's processes to enable them to access the data.
Raj Samani, Chief Scientist at McAfee added: "Phishing attacks remain the most common method of manipulating individuals into clicking on links and ultimately installing malicious content onto their systems. Taking advantage of trusted, well-known brands attempts to leverage the use of authority, resulting in the incoming messages to appear trusted to the consumer."
He said that the best way to protect ourselves is to be aware of the emails we are expecting, and be wary of anything unexpected - even if it comes from a trusted sender. He says: "Think twice before acting; go straight to the source through a different communication channel if you receive a link you were not expecting. Also, hover over links to see if it is a reliable URL. Or search online for other instances of this campaign, and what those instances could tell you about the email's legitimacy."
Victims of scams and fraud
Victims of scams and fraud
Susan Tollefsen, Britain's oldest first time mother, was scammed out of £160,000 by a fraudster she met on an online dating site. A man claiming to be an Italian gold and diamond dealer told her he was in the middle of a land deal but couldn't access cash. Tollefsen felt sorry for him and started wiring him money, eventually selling her jewellery, her flat and borrowing £32,000 from friends to give him. Read the full story here.
In March 2015 an American woman who was only identified as 'Sarah' went on the popular US television programme the Dr Phil Show to reveal she had sent $1.4 million to a man that she had never met. Although she was certain she wasn't being scammed, her cousin made her go on the programme because she was convinced it was a scam. Find out more about the story here.
Maggie Surridge employed Lee Slocombe to lay a £350 deck in her garden in March 2015. However Slocombe used a combination of lies to scam Surridge out of thousands of pounds. He told Surridge that the front and back walls were dangerous and needed rebuilding and also conned her into building a porch, all for the cost of £8,500. Read the full story here.
It's not just individuals who can be the victims of scams, big corporations can also fall foul of these fraudulent practices. In 2015 Claire Dunleavy repeatedly used a 7p 'reduced' sticker to get significant amounts of money off her shopping at an Asda store in Burslem, ending up with her paying just £15.66 for a shop that should have cost £69.02. Read the full story here.
Sylvia Kneller, 76, was conned out of £200,000 over the space of 56 years thanks to scam mail. The pensioner became addicted to responding to the fraudsters, convinced that she would one day win a fortune. Ms Kneller would receive letters claiming she had won large sums of money but she needed to send processing fees to claim her prize. Learn about the full story here.
Leslie Jubb, 103, became Britain's oldest scam victim in August last year when he was conned out of £60,000 after being sent an endless stream of catalogues promising prizes in return for purchasing overpriced goods. The extent of this con was discovered when Mr Jubb temporarily moved into a care home and his family discovered what he had lost. Find out more about this story here.
Stephen Cox won more than £100,000 on the National Lottery in 2003 but has been left with nothing after falling victim to two conmen. The 63-year-old was pressured into handing over £60,000 to the men who told him his roof needed fixing. They walked him into banks and building societies persuading him to part with £80,000 of cash while doing no work in return. See the full story here.
Last year the Metropolitan Police released CCTV footage of a woman who had £250 stolen at a cash machine in Dagenham. The scam involved two men distracting the woman at the machine, pressing the button for £250 then taking the money and running away. Read about the full story here.
Rebecca Ferguson shot to fame as a runner up on the X-Factor in 2010 but fell victim to a scam artist last year when someone she had believed to be a friend conned her out of £43,000. Rachel Taylor befriended the singer in 2012 and claimed to be a qualified accountant, so Ferguson allowed her to look after her finances. Instead of doing this Taylor stole £43,000 from the Liverpudlian singer. Read more here.
When Rebecca Lewis discovered her fiance had started a relationship with a woman he met online she packed her bags to leave. But that didn't stop her checking out the mystery woman, Rebecca quickly realised Paul Rusher's new love was actually part of a romance scam. She told Paul just before he sent the scammers £2,000 which was supposed to bring his new girlfriend to England. Find the full story here.