
Google Docs Phishing Campaign is Frighteningly Accurate

By Gary Davis on Mar 21, 2014

Gmail users beware: a very convincing, very deceitful phishing scam has been making its way around the Internet. The scam targets Google Docs and Google Drive users with a lookalike login page designed to steal your username and password. With 425 million active monthly Gmail users, these “phishermen” have cast quite a large net.

Before we get into the details of this scam, let’s have a little refresher: A phishing scam is a ploy that tricks you into entering sensitive data, like usernames, passwords and bank account information, by emulating a familiar website. These scams can take a variety of forms, though they’re often introduced through email, text messages or social media sites. Phishing scams can have varying levels of complexity, such as the intricate Netflix phishing scam I wrote about earlier this month, but they all center around one thing—tricking you into willingly giving away your personal information.

The Google Docs phishing scam is a textbook example: it aims to trick you into handing over sensitive login details, and it does exceptionally well. The scam starts with an email referring to an “important document” stored on Google Docs. Clicking on the link in this message will take you to what appears to be a Google Docs login page—but it’s not. This fake login page allows scammers to collect your username and password for their own malicious use.

Unfortunately for Gmail users, the page in this case is remarkably convincing—emulating Google’s typical login page. And here’s the clincher: because this scam is hosted on Google’s servers (the scam is, after all, a public folder on Google Drive) it effectively sidesteps one of the more reliable ways to detect a phishing scam. Generally speaking, phishing URLs are one or two characters different from the official website that they’re masquerading as. To top things off, because the scammers were hosting this attack on Google’s servers, the URL appears to be secure.

This attack on Google Docs users is especially troubling because Google uses a single login across all of its services. If the scammers successfully obtained the login credentials for your Google Docs, they’d also be able to access your email, Chrome browsing history (including searches) and YouTube account, and perhaps even make purchases through the Google Play store if you’ve previously registered your payment information.

Despite the sophistication of this scam, there’s light at the end of the tunnel. After its discovery earlier this week, Google has successfully removed the phishing pages. They’ve also stated that their “abuse team is working to prevent this kind of spoofing from happening again.”

While this particular attack seems to have been vanquished, phishing scams in general are on the rise. By being aware of how these scams operate, and how to detect them, you’re well on your way to protecting yourself from the Internet’s many bad guys. Follow the steps below to help avoid falling victim:

  • Double-check your URL address. Most of the time, a phishing URL will have some reference to the entity it’s pretending to be, but with some form of variation. For example: www.google.com will take you to Google; www.googl.e3921.com (as an example) will most likely take you to an error page—but it could also take you to a phishing scam website. That being said, do be aware that the scam described above uses a legitimate Google URL and could trick even the most thorough of skeptics.
  • Don’t send banking or login information via email or text. Professional services will never ask you to send sensitive information over email or text messages. They just don’t. At the bare minimum, they’ll ask you to sign into your account on their website (remember to check the URL) in order to address any sensitive information. If you’ve received an email asking for transmittal of financial or login details via email, you’d be wise to delete it.
  • Watch the links. Be wary of clicking on links sent to you over email, text message or social media sites. Most are harmless, but the ones sent to you by someone you don’t know, or a business that you didn’t sign up for, could send you to a malware-infested site. McAfee® SiteAdvisor®, which comes with the McAfee LiveSafe™ service, provides color-coded ratings on the safety of your browser’s search results and external links found in your Facebook and LinkedIn news feed when viewing from your PC or Mac. It will also provide a warning message after you click, but before taking you to the site, if the link appears harmful.
  • Install comprehensive security software. As always, practice caution, and protect yourself online with comprehensive security services like McAfee LiveSafe. It will help block spam and dangerous email, as well as guard against malware and viruses on your PCs, Macs, smartphones and tablets.
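The URL check in the first bullet can be automated, and doing so makes the bullet’s own caveat concrete. The Python below is an added example, not McAfee’s code or anything from the original post: it pulls the hostname out of a link, accepts only google.com (and its subdomains) from a constructed allowlist, flags hosts that merely contain the brand name as lookalikes, and then shows why a hostname check alone is not enough here. A page hosted on a genuine Google domain, like the shared Drive folder described above, passes the hostname test, so a second check is needed; the one used here rests on the assumption that Google’s real sign-in form is served from accounts.google.com, so a password prompt on any other host is treated as suspicious. The sample links, the file id in the Drive URL and the brand-token list are all constructed for the example.

```python
from urllib.parse import urlsplit

# Constructed allowlist for this example: hosts treated as genuinely Google-run.
TRUSTED_SUFFIXES = ("google.com", "googleusercontent.com")

# Brand fragments that a lookalike hostname typically imitates (constructed list).
BRAND_TOKENS = ("google", "googl", "gmail")

# Assumption: Google's genuine sign-in form is served from this host, so any
# other host asking for a Google password is suspicious even on a Google domain.
SIGNIN_HOST = "accounts.google.com"


def hostname_of(url: str) -> str:
    """Lowercase hostname of a link, or '' when the link has none.
    Links pasted without a scheme ('www.google.com') are accepted too."""
    parts = urlsplit(url if "://" in url else "http://" + url)
    return (parts.hostname or "").rstrip(".").lower()


def is_trusted_host(host: str) -> bool:
    """True only for a trusted suffix itself or a real subdomain of it.
    The leading dot matters: 'evilgoogle.com' must not match 'google.com'."""
    return any(host == s or host.endswith("." + s) for s in TRUSTED_SUFFIXES)


def looks_like_brand(host: str) -> bool:
    """Lookalike test: strip dots and hyphens so 'googl.e3921.com' or
    'goo-gle.net' still reveals the brand string hidden inside."""
    flat = host.replace(".", "").replace("-", "")
    return any(tok in flat for tok in BRAND_TOKENS)


def classify_link(url: str) -> str:
    """Bucket a link by hostname: 'trusted-host', 'lookalike', 'unrelated' or 'invalid'."""
    host = hostname_of(url)
    if not host:
        return "invalid"
    if is_trusted_host(host):
        return "trusted-host"
    if looks_like_brand(host):
        return "lookalike"
    return "unrelated"


def credential_prompt_suspicious(url: str, asks_for_password: bool) -> bool:
    """Second check for the case the article describes: a password form served
    from a genuine Google host that is not the sign-in host (e.g. a shared Drive file)."""
    return asks_for_password and hostname_of(url) != SIGNIN_HOST


if __name__ == "__main__":
    # Constructed sample links, including the article's own lookalike example.
    samples = [
        ("https://www.google.com/", False),
        ("www.googl.e3921.com", True),
        ("https://docs.google.com/file/d/EXAMPLE-ID/view", True),  # placeholder file id
        ("https://accounts.google.com/ServiceLogin", True),
        ("http://google.com.evil.example/", True),
    ]
    for link, asks in samples:
        print(f"{link:50} {classify_link(link):13} "
              f"password-prompt-suspicious={credential_prompt_suspicious(link, asks)}")
```

Run as a script, the Drive link is reported as a trusted host and, at the same time, as a suspicious place to be asked for a password; that combination is exactly the signal the hostname check alone misses for this campaign.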

To stay on top of the latest consumer security threats, follow @McAfeeConsumer on Twitter and Like us on Facebook.

Gary Davis

11 Comments

  • Shelley

    I used to consider myself a smart person, but I just fell for this scam. The most immediate result is that the same email was sent to all my contacts and several of my emails were deleted. Is there anything I should do besides change my email password? By the way I use Outlook (Hotmail). Thank you!

    • Shelley…don’t be too harsh on yourself. The hackers are getting better and better. You should definitely change your passwords and it would be good to email your friends and let them know not to click on the links in "that" message.

  • Gail

    Just rec’d this email this morning. I did click on the link and gave my NON google email. Going to change my password now.

    It looked legit since I would expect an "important doc" from the sender.

    Just wanted to say it is still out there

    • Gail..yes it’s often very hard to tell the difference between these emails. That’s why we need help spreading the word to keep everyone safe!

  • HELEN

    I’m always super careful with my computer. 4 different types of malware/virus checkers on it and yet on 24th June this year, I logged onto my Gmail to send one email and the login page, which looked fully legit, must have been a fake, and over the next 2 days my bank account was drained by app purchases. Over £3000 gone.

    I never had any emails from Google/Gmail with links on which I clicked either.

  • Warren Martin

    it’s back – seen it twice in the past two weeks here in June 2014

  • Melanie

    If I clicked the link, but it didn’t fully load before I shut it down, will I be okay or should I wipe my phone as a precaution?

  • Randi Rubenstein

    Here is where I got snagged. It has been programmed to reply! I thought I was being extra cautious. When I sent a reply to the sender asking for confirmation, it responded from the same email address: "The email is from me, you can check it out. Thanks." Looked legit since we had traded docs before. Ouch!

    • Ouch is right! It’s best not to reply to any email you think is spam or a scam. When you reply, they now know for sure that this is a valid email address. It’s better to be safe than sorry and just delete the email or mark it as spam.
