There is a new phishing scam, and it involves Google Docs and Google Drive. If you have received an email with the word “documents” in the subject line that directs you to what looks like a Google Drive sign-in page, please do not log in. If you don’t know what phishing is, simply put, it is the sending of an email or posting of a link with the intention of getting you to give up your private information by misleading you into believing the email or post came from a legitimate source. While this is nothing new, the sad thing is that phishing scams are becoming more and more sophisticated. It’s getting harder to spot a scam.
According to the Symantec Official blog, in this recent phishing scam the fake page targeting Google Docs and Google Drive users is actually hosted on Google’s server and is served over SSL, which makes it look quite legitimate. The login page looks very similar to the authentic Google login page, easily fooling many users.
Here is what an authentic login page looks like versus the fake login page:
The authentic image is image 2. Did you notice any difference? I didn’t either, which makes it easy for hackers to mislead users. For Google Docs and Google Drive users, it’s common to be prompted to log in to your account with your username and password, and to do so without giving much thought to the process. In this latest phishing scheme, instead of taking you to your Google account page after you sign in, the fake page takes you to a Google Docs document, and your credentials are automatically sent to a PHP script on a compromised server.
How To Protect Yourself
- As mentioned above, if you receive an email with the word “document” in the subject line from someone you don’t know, do not click on any links included in that email. Even if it’s from someone you know, do not click on any links within the body of the email.
- If you happen to click on a link and a login page comes up that does not recognize you as a Google user, it is most likely a fake login page. It is pretty suspicious to be asked to log in again, especially if you are regularly using your Gmail account.
- If you believe you have already been compromised, Google suggests you change your password immediately.
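Because the fake page sat on a Google server behind a valid certificate, a padlock and a Google address are not enough to trust a password prompt. The Python check below is an added example, not code from the original post or from Google: it accepts only the exact sign-in host, and `check_login_url`, the sample URLs and the assumption that the sign-in form is served from `accounts.google.com` belong to this example.

```python
from urllib.parse import urlsplit

# Assumption of this example: the sign-in form is served from this exact host.
SIGN_IN_HOSTS = {"accounts.google.com"}


def check_login_url(url: str) -> tuple:
    """Return (ok, reason) for a page that is asking for a Google password."""
    try:
        parts = urlsplit(url.strip())
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return False, "unparseable URL"
    if parts.scheme != "https":
        return False, "not HTTPS"
    if port not in (None, 443):
        return False, "unexpected port"
    # .hostname drops any "user@" prefix and lower-cases the name, so
    # https://accounts.google.com@login.example/ resolves to login.example.
    host = (parts.hostname or "").rstrip(".")
    if host in SIGN_IN_HOSTS:
        return True, "sign-in host"
    if host == "google.com" or host.endswith(".google.com"):
        # The case this page describes: a Google server and a valid
        # certificate, but not the host that serves the sign-in form.
        return False, "Google-hosted content, not the sign-in host"
    return False, "not a Google host"


# Constructed sample URLs for illustration only.
SAMPLES = [
    "https://accounts.google.com/ServiceLogin",
    "https://ACCOUNTS.GOOGLE.COM./ServiceLogin",
    "https://docs.google.com/constructed/shared-folder/login.html",
    "https://accounts.google.com@login.example/ServiceLogin",
    "https://accounts.google.com.login.example/ServiceLogin",
    "http://accounts.google.com/ServiceLogin",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        ok, reason = check_login_url(sample)
        print(f"{'OK  ' if ok else 'STOP'} {reason:45} {sample}")
```

Only the first two samples pass; the third is the situation described above, where the host is Google's and the connection is encrypted but the page is user-hosted content.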
According to Gizmodo, Google has already removed the fake pages, and its abuse team is working to make sure this kind of phishing attempt will not happen again. As these scammers become more sophisticated, I suggest you continue to be vigilant and make sure you never give out your credentials without confirming the legitimacy of the source.