Google is addressing a massive phishing scheme impacting an unknown amount of Google users.

The malware is masquerading as an email from someone the user may know and invites them to review a Google Doc link.

However the link allows the hacker to obtain all of the user’s personal data, including emails and address book, and then replicates the scheme by sending an email to all of the user’s contacts.

The scam was first reported on Reddit Wednesday afternoon.

A user who clicked on the fake link can disable it by revoking future access to Google Docs through Google’s Connected Apps and Sites page. It is also recommended that the user changes their Google password.

The company tweeted out a statement that said, “We have taken action to protect users against an email impersonating Google Docs and have disabled offending accounts. We've removed the fake pages, pushed updates through Safe Browsing, and our abuse team is working to prevent this kind of spoofing from happening again. We encourage users to report phishing emails in Gmail.”

Google did not immediately say how many users were affected by the scam, but Roxbury, Somerset Hills and Wayne Township Public Schools say that they were affected, along with NJIT police.