This Google Drive Phishing Scam Is Difficult To Spot


Phishing scams are a common threat on the internet. If users aren’t careful, they can easily be tricked into giving away log-in credentials and other valuable information without even realizing they’re being scammed. At Gizmodo, Adam Clark Estes reports on one of the latest and trickiest phishing scams to hit the web.

This scam is so tricky because it avoids some of the usual tell-tale signs of phishing. It begins with an unsolicited email arriving in your inbox. The email has the subject line “Documents” and contains a link to Google Drive. On the surface, an email from someone you don’t know with the bare subject “Documents” sounds suspect. But the Google Docs link is legitimate and points to a google.com URL. What’s the harm in following the link and finding out if this document is really meant for you?

Unfortunately, that’s the thinking of many users. When you follow the provided Google Drive link, you land on an official-looking Google log-in page. In fact, it’s an exact replica of an actual Google log-in page. The only difference is that it asks you to enter both your email and password, even if you’re already logged in to your Google account. Many users won’t think twice about entering their information, but noticing this subtle inconsistency is key to avoiding a scam.

Logging in to this spoofed page does take you to a legitimate Google document, but attackers already have your password.

This is another example of how online threats are becoming more intelligent and harder to avoid. For phishing scams like this one, it’s important to remember to avoid following links in your email. Many times, you can visit a website directly, rather than following a provided link. This way, you’ll be sure to land on the actual site rather than a malicious copy.

This scam uses Google Drive because users trust a page with Google’s recognizable logo and branding and because users can’t access a document in Drive without following the link. If you receive an email inviting you to view a file in Drive, be sure you verify who sent it before following the link.
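The point that a google.com address alone does not make a log-in form genuine can be written as a check. This is an added example, not code from the article or from Google; it assumes accounts.google.com is the only host accepted as the real sign-in page, and the function name, verdict strings and sample URLs are constructed for illustration.

```javascript
// Added example, not from the original article.
// Assumption: accounts.google.com is the only host accepted as Google's sign-in origin.
const SIGN_IN_HOSTS = new Set(["accounts.google.com"]);

// Classify a page that may be asking for Google credentials.
// pageUrl: the address-bar URL; hasPasswordField: whether the page shows a password input.
function classifyPasswordPrompt(pageUrl, hasPasswordField) {
  if (!hasPasswordField) return "no-prompt";
  let url;
  try {
    url = new URL(pageUrl);
  } catch {
    return "block-unparseable";
  }
  if (url.protocol !== "https:") return "block-insecure";
  // hostname is lowercased by the parser and excludes userinfo and port;
  // strip a trailing root dot so "accounts.google.com." compares equal.
  const host = url.hostname.replace(/\.$/, "");
  if (SIGN_IN_HOSTS.has(host)) return "allow";
  // A google.com host other than the sign-in host may serve user-supplied
  // content (Drive, Docs); a password form there is the case described above.
  if (host === "google.com" || host.endsWith(".google.com")) {
    return "block-google-content";
  }
  return "block-foreign-host";
}

// Constructed sample URLs (placeholders, not taken from the article).
const samples = [
  ["https://accounts.google.com/ServiceLogin", true],
  ["https://docs.google.com/file/d/EXAMPLE/view", true],
  ["https://docs.google.com/file/d/EXAMPLE/view", false],
  ["https://accounts.google.com.example.net/login", true],
  ["https://accounts.google.com@example.net/", true],
  ["http://accounts.google.com/ServiceLogin", true],
];
for (const [u, pw] of samples) {
  console.log(classifyPasswordPrompt(u, pw).padEnd(22), u);
}
```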

If you’ve been the victim of an attack and need help recovering data, removing malware or improving security, call Geek Rescue at 918-369-4335.

March 18th, 2014