The Inquirer-Home

Google Docs phishing scam targets Google Drive users

Tricks users with a fake login prompt
Fri Mar 14 2014, 11:41
Google Drive for Android is a cloud-based document and file storage service

SECURITY FIRM Symantec has warned of a sophisticated scam targeting Google Docs and Google Drive users.

The scam targets users via a Google Docs login prompt window that will look familiar to many Google users, said the firm. 

"We see millions of phishing messages every day, but recently, one stood out," Symantec security expert Nick Johnston warned in a blog post. "The scam uses a simple subject of 'Documents' and urges the recipient to view an important document on Google Docs by clicking on the included link."

The link is of course malicious and drives users to a convincing fake Google Docs login page that prompts the user to input their details.

"The fake page is actually hosted on Google's servers and is served over SSL, making the page even more convincing," Johnston explained. "The scammers have simply created a folder inside a Google Drive account, marked it as public, uploaded a file there, and then used Google Drive's preview feature to get a publicly accessible URL to include in their messages."

As it's quite common to be prompted with a login page like this when accessing a Google Docs link, Symantec said that many people will happily enter their login credentials without a second thought.

After the user clicks on "Sign in" on the fake login page, their credentials apparently are sent to a PHP script on a compromised web server.

"This page then redirects to a real Google Docs document, making the whole attack very convincing," Johnston's blog post continued. "Google accounts are a valuable target for phishers, as they can be used to access many services including Gmail and Google Play, which can be used to purchase Android applications and content."

To ensure that you're protected against such scams, take extra precautions when logging into Google Drive and, basically, don't click on any links you receive in unsolicited emails. 

"Users should be wary of clicking on links in email messages, and of any form requesting your personal details," Johnston told The INQUIRER in an emailed statement. "For Google services specifically, consider using their two-factor authentication service which supplements passwords with a dynamically changing number accessed either via an app on your smartphone or by text message." µ


Share this:

blog comments powered by Disqus
Subscribe to INQ newsletters

Sign up for INQbot – a weekly roundup of the best from the INQ

INQ Poll

Happy new year!

What tech are you most looking forward to in 2015