Google Drive Phishing Scam

Phishing Campaign is Frighteningly Convincing!

Gmail users beware: a very convincing, very deceitful phishing scam has been making its way around the Internet. The scam targets Google Docs and Google Drive users with a lookalike login page designed to steal your username and password.

Google Drive phishing scam

We have been made aware of a new phishing scam targeting Google Docs and Google Drive users.

You may receive an email from one of your contacts, granting you access to a document stored in Google Drive. Click on the link and you’re taken to what looks like the normal Google Drive sign-in screen.

Then, after entering your username and password, you’re asked to verify your identity with either the mobile phone number associated with your account, if you have one, or your secondary email address.

When you’ve entered this information, you’re forwarded to your Google Drive, but there’s no document in sight. This fake login page allows scammers to collect your username and password for their own malicious use.

An ongoing phishing campaign is targeting users by redirecting them to this page, an identical reproduction of Google Drive’s log-in.

You can read a more detailed summary of the Google Drive Phishing Scam through the following articles:

http://www.mailguard.com.au/blog/watch-out-new-fake-google-phishing-email

http://www.csoonline.com/article/2953190/vulnerabilities/google-drive-phishing-is-back-with-obfuscation.html

What you need to do

If you receive an email similar to the one below (the content may vary slightly), you should DELETE IT IMMEDIATELY.

Phishing Scam Email:

From: Norman McKenzie <[email protected]>
Sent: 23 November 2016 at 14:17
To: Undisclosed recipients:
Subject: Urgent Review

Please find Attached Financial document for your review.

Thanks.

DO NOT

  • Respond to the Email in any way!
  • Click any links!
  • Open any attachment!
  • Login to your Google Drive or Google Docs account!
  • Provide any data to any websites mentioned.

Follow the steps below to help avoid falling victim

Double-check the URL in the address bar. Most of the time, a phishing URL will contain some reference to the entity it’s pretending to be, but with some form of variation. For example, www.google.com will take you to Google; www.googl.e3921.com (as an example) will take you to a crash page, but it could also take you to a phishing scam website. That being said, be aware that the scam described above uses a legitimate Google URL and could trick even the most thorough of skeptics.
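The URL check above can be automated for links pulled out of incoming mail. The sketch below is an added example, not part of the original advisory: `classify_link`, `edit_distance` and the sample links are illustrative names and constructed values (only the two hostnames come from the text). It also shows the caveat from the same paragraph: a link hosted on a real Google domain passes a hostname check.

```python
from urllib.parse import urlsplit

BRAND_DOMAIN = "google.com"  # domain the reader expects to be on
BRAND_LABEL = "google"       # name a lookalike host tends to imitate

def edit_distance(a, b):
    """Levenshtein distance, used to spot near-miss labels such as 'googl'."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_link(url):
    """Return 'brand-host', 'lookalike', 'other' or 'invalid' for one link."""
    try:
        host = urlsplit(url if "//" in url else "//" + url).hostname or ""
    except ValueError:
        return "invalid"
    host = host.rstrip(".")
    if not host:
        return "invalid"
    # Exact domain or a true subdomain. A bare endswith("google.com") would
    # also accept unrelated hosts whose name merely ends in those characters.
    if host == BRAND_DOMAIN or host.endswith("." + BRAND_DOMAIN):
        return "brand-host"
    # Heuristic 1: some label is the brand name or one edit away from it.
    if any(edit_distance(label, BRAND_LABEL) <= 1 for label in host.split(".")):
        return "lookalike"
    # Heuristic 2: the brand name appears once the dots are ignored, which is
    # also true of the page's www.googl.e3921.com ("googl" + "e3921").
    if BRAND_LABEL in host.replace(".", ""):
        return "lookalike"
    return "other"

# Constructed sample links; only the first two hostnames come from the page.
SAMPLES = [
    "www.google.com",
    "www.googl.e3921.com",
    "https://drive.google.com/constructed-example-path",
    "https://www.example.org/quarterly-report",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(f"{classify_link(link):11} {link}")
```

A "brand-host" verdict only says where the page is served from, so the sign-in prompt itself still has to be treated with suspicion when the link arrived unsolicited.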

Don’t send banking or login information via email or text. Professional services will never ask you to send sensitive information over email or text messages. They just don’t. At the bare minimum, they’ll ask you to sign into your account on their website (remember to check the URL) in order to address any sensitive information. If you’ve received an email asking for transmittal of financial or login details via email, you’d be wise to delete it.

Watch the links. Be wary of clicking on links sent to you over email, text message or social media sites. Most are harmless, but the ones sent to you by someone you don’t know, or a business that you didn’t sign up for, could send you to a malware-infested site. Most antivirus software provides ratings on the safety of your browser’s search results and external links found in your Facebook and LinkedIn news feed when viewing from your PC or Mac. It will also provide a warning message after you click, but before taking you to the site, if the link appears harmful.

Install comprehensive security software. As always, practice caution, and protect yourself online with comprehensive security services like Norton, McAfee, Avast and so on. Such software will help block spam and dangerous email, as well as guard against malware and viruses on your PCs, Macs, smartphones and tablets.