Mac Developer: Don’t trust OAuth: Why the “Google Docs” worm was so convincing | Ars Technica
Don’t trust OAuth: Why the “Google Docs” worm was so convincing | Ars Technica: "An evil phishing worm masquerading as "Google Docs" took the Internet by storm today. It sent an e-mail claiming to be from a friend or relative who wanted to share a document with you. Clicking on the "Open in Docs" button asked you to log in to Google, then it popped up a familiar OAuth request asking for some permissions."
Leggo my eggo.