Phishing scams on the Internet are not new, but this time a potentially highly dangerous scam targeting Google Docs and Drive users is making its rounds on the Internet. Like most phishing scams, this one starts in your inbox with an email titled, “Documents”. This email urges you to view an important document by clicking on a link that is provided. The ‘clever’ aspect of this scam comes from the fact that the scammers send you to an actual google.com page with a fake login which makes it all the more believable.
“The fake page is actually hosted on Google’s servers and is served over SSL, making the page even more convincing,” explained Symantic security expert Nick Johnston in a blog post.
“The scammers have simply created a folder inside a Google Drive account, marked it as public, uploaded a file there, and then used Google Drive’s preview feature to get a publicly-accessible URL to include in their messages.”
Login prompts like this are pretty common when accessing Google Docs, especially if you’re in the habit of logging out each time, so users might enter details without giving it much thought.
Once logged in though, user credentials are sent to a PHP script on a compromised web server and the user is then redirected to a real Google page, which makes the whole scam look legit. So legit that you may never know your info has been swiped.
You might not think that getting your Google doc account details is of any importance but Google accounts are popular with phishers because they can be used to gain access to many services including Gmail and Google Play to buy and download android apps.
To avoid falling for a scam such as this one:
Be wary of clicking on links in emails – especially if it comes from someone you don’t know and, sometimes, if it comes from someone you do know but don’t keep in touch with. It’s not unknown for hackers to hack into a person’s account and send out emails to that person’s address book. If you receive an email from an unknown person with the subject line ‘documents’ it’s best to trash it. Secondly, if you do arrive at a login page, Google should recognize you as a user (if you’re a Google user). If not, be wary about signing in. Best to just close the page. If it is a legit document, the person will get in touch again.
Pretty ingenious stuff.
ouch