Gmail users beware: a very convincing, very deceitful phishing scam has been making its way around the Internet. The scam targets Google Docs and Google Drive users with a lookalike login page designed to steal your username and password. With 425 million active monthly Gmail users, these “phishermen” have cast quite a large net.
Before we get into the details of this scam, let’s have a little refresher: A phishing scam is a ploy that tricks you into entering sensitive data, like usernames, passwords and bank account information, by emulating a familiar website. These scams can take a variety of forms, though they’re often introduced through email, text messages or social media sites. Phishing scams can have varying levels of complexity, such as the intricate Netflix phishing scam I wrote about earlier this month, but they all center around one thing—tricking you into willingly giving away your personal information.
The Google Docs phishing scam is a textbook example: it aims to trick you into handing over sensitive login details, and it does so exceptionally well. The scam starts with an email referring to an “important document” stored on Google Docs. Clicking the link in this message takes you to what appears to be a Google Docs login page, but it is not. This fake login page lets the scammers collect your username and password for their own malicious use.
Unfortunately for Gmail users, the page in this case is remarkably convincing, closely emulating Google’s usual login page. And here’s the clincher: because this scam is hosted on Google’s own servers (the scam is, after all, a public folder on Google Drive), it sidesteps one of the more reliable ways to spot a phishing scam. Generally speaking, a phishing URL is only one or two characters different from the official website it is masquerading as. To top things off, because the scammers hosted this attack on Google’s servers, the address bar shows a genuine Google URL and the browser reports the connection as secure.
This attack on Google Docs users is especially troubling because Google uses a single login across all of its services. If the scammers obtained the login credentials for your Google Docs, they would also be able to read your email, see your Chrome browsing history (including searches), use your YouTube account, and perhaps even make purchases through the Google Play store if you have previously registered your payment information.
Despite the sophistication of this scam, there is light at the end of the tunnel. After its discovery earlier this week, Google removed the phishing pages. Google has also stated that its “abuse team is working to prevent this kind of spoofing from happening again.”
While this particular attack seems to have been vanquished, phishing scams in general are on the rise. By being aware of how these scams operate, and how to detect them, you’re well on your way to protecting yourself from the Internet’s many bad guys. Follow the steps below to help avoid falling victim:
- Double check your URL address. Most of the time, a phishing URL will contain some reference to the entity it is pretending to be, but with some variation. For example: www.google.com will take you to Google; www.googl.e3921.com (as an example) will most likely take you to an error page, but it could just as easily take you to a phishing website. That said, be aware that the scam described above uses a legitimate Google URL and could trick even the most thorough of skeptics.
- Don’t send banking or login information via email or text. Professional services will never ask you to send sensitive information over email or text messages. They just don’t. At the bare minimum, they will ask you to sign into your account on their website (remember to check the URL) in order to deal with anything sensitive. If you have received an email asking you to send financial or login details by email, you would be wise to delete it.
- Watch the links. Be wary of clicking on links sent to you over email, text message or social media sites. Most are harmless, but the ones sent to you by someone you don’t know, or by a business you never signed up with, could send you to a malware-infested site. McAfee® SiteAdvisor®, which comes with the McAfee LiveSafe™ service, provides color-coded ratings on the safety of your browser’s search results and of external links in your Facebook and LinkedIn news feeds when viewing from your PC or Mac. It will also show a warning after you click, but before taking you to the site, if the link appears harmful.
- Install comprehensive security software. As always, practice caution, and protect yourself online with comprehensive security services like McAfee LiveSafe. It will help block spam and dangerous email, as well as guard against malware and viruses on your PCs, Macs, smartphones and tablets.
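To make the URL check above concrete, here is an added example (not part of the original post or any McAfee product) of the two signals a defender can pull from a login page’s address: an edit-distance test for the “one or two characters different” lookalikes, and a registrable-domain test that shows why the Drive-hosted scam passes a domain check and has to be caught another way. It assumes Google’s real sign-in form lives on accounts.google.com, uses a constructed allowlist, and also flags the brand name appearing as a subdomain of an unrelated domain.

```python
from urllib.parse import urlsplit

# Constructed allowlist; assumption: Google's real sign-in form lives on
# accounts.google.com, whose registrable domain is google.com.
TRUSTED_DOMAINS = {"google.com"}
SIGNIN_HOSTS = {"accounts.google.com"}
BRANDS = {"google"}
MAX_LOOKALIKE_DISTANCE = 2  # "one or two characters different"

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: fewest single-character edits turning a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, start=1):
        cur = [i]
        for j, cb in enumerate(b, start=1):
            cur.append(min(prev[j] + 1,                 # delete ca
                           cur[j - 1] + 1,              # insert cb
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]

def registrable_domain(host: str) -> str:
    """Last two labels of the host (simplification: ignores suffixes like co.uk)."""
    return ".".join(host.split(".")[-2:])

def classify_signin_url(url: str) -> str:
    """Classify the URL of a page that asks for a password: expected-signin-host
    (the real login host), trusted-domain-other-host (brand domain but not the
    login host: the Drive-hosted case, which a domain check alone cannot catch),
    lookalike-domain (a hostname label within MAX_LOOKALIKE_DISTANCE edits of a
    brand on an untrusted domain), or unrelated-domain."""
    host = (urlsplit(url).hostname or "").lower()
    if host in SIGNIN_HOSTS:
        return "expected-signin-host"
    if registrable_domain(host) in TRUSTED_DOMAINS:
        return "trusted-domain-other-host"
    for label in host.split("."):
        if any(edit_distance(label, brand) <= MAX_LOOKALIKE_DISTANCE for brand in BRANDS):
            return "lookalike-domain"
    return "unrelated-domain"

if __name__ == "__main__":
    # Constructed sample URLs, including the post's own lookalike example.
    for u in ("https://accounts.google.com/",
              "https://drive.google.com/PLACEHOLDER_PUBLIC_FOLDER_PATH",
              "http://www.googl.e3921.com/login",
              "https://accounts.google.com.example.net/",
              "https://www.example.org/"):
        print(f"{classify_signin_url(u):26} {u}")
```

A result of trusted-domain-other-host is the interesting one: the domain is genuine, so the only remaining signal is that a real Google password prompt does not live on a Drive folder page.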