New Phishing Scam Aims to Use Google Docs and Google Drive Against Us

Google Drive e1389907382920

Phishing scams are always just around the corner, and the latest one is taking aim at anyone using Google Docs, or Google Drive. This new scam however, is less obvious and more believable than most, which makes it more dangerous.

If you are a user of either Google Docs or Google Drive, you have more than likely received an email saying that a doc has been shared with you. If you have, then you most likely know the steps that need to be taken in order to see that shared doc. First you open the email, and then the link inside. Once you have done that you will be redirected to a Google sign in page, where after you sign in, you will be taken to the doc that has been shared.

Well this phishing scam does all of the above but the login page is very well done and leaves you believing you are at an official Google sign in page. However this is phishing scam we are talking about here, so you are not at an official login page. The email you opened up, with a vague but realistic subject that says “document” or something like that, has brought you to an unofficial login page. Where after you enter your information, it goes to a PHP script with an unsecured web server.

The goal is obvious, retrieve your Google login information and then your email, Google Play account and any other Google service are all compromised. The even scarier part, is this fake login page is hosted by Google, which makes it look even more real. Also after you click “Sign In” you will be shown a realistic doc. This was done by creating a folder inside Google docs, and marking it public. After doing so, they get realistic emails sent out to many potential victims about the shared doc. The difference is, the login page and the information you enter, is very valuable, and should never be taken lightly.

So keep your eye out for this scam, and be sure you know the person who is sharing a doc with you through Google Drive, or Google Docs. There really is no reason a stranger should be sharing anything with you anyway. Have you already seen this email, or are you protected against such things?