Buzzfeed reported many people who have received the emails are listed in the BCC field, while another email address appears in the "To" field. The subject line reads "[someone in your contacts] just shared a Google Doc with you," in the same way legitimate Google emails appear when Google Docs are sent between users.
According to Fortune, many of the malware emails were sent to journalists.
Hacker Zach Latta posted a gif on Twitter showing what happens when an internet user clicks on the misleading link.
The link takes internet users to what appears to be a real Google page that asks for permissions across Google accounts. Granting permission would afford the hackers a significant amount of personal data and information.
Simply clicking the link and not granting permission appears to forward the email to everyone in your contact list, Buzzfeed reported.
In the event you clicked on the link, access your Google account settings here, and revoke access to Google Docs if you see that option -- it's not the real Google Docs.
Maybe you’re expecting a Google Doc invite link from a family member or friend? The best thing to do is contact that person through a medium besides email to confirm. If they say they didn’t send you anything, delete the suspicious email.
Google is investigating the incident.
“We have taken action to protect users against an email impersonating Google Docs (and) have disabled offending accounts,” Google wrote in a statement on Twitter. “We’ve removed the fake pages, pushed updates through Safe Browsing, and our abuse team is working to prevent this kind of spoofing from happening again. We encourage users to report phishing emails in Gmail.”
Many people who received the emails took to social media to warn others.
>> Related: Bed Bath & Beyond Facebook coupon a scam, report says