Earlier today, the latest OAuth-based attack went viral. The attack starts with a simple email inviting the target to collaborate on a Google Doc from a known contact. Once the target clicks the “Open in Docs” link, he or she is redirected to a Google OAuth 2.0 page to authorize the “Google Docs” application. This is a fake application that is spoofing Google Docs. The application requests access to the target’s email and contacts, which provides an avenue to organically — and virally — expand. Read on and find out how you can prevent the next attack.