This morning we received a report from one of our users saying he received an email from a trusted source (his lawyer) that an important file has been posted on Google Drive docs and that he needs to look at it urgently. When the user clicked on the link he was directed to this website you see below,
This seems to be a legitimate Google website, but if you pay close attention you will find that the URL is not correct! This is a clear indicator that there is a phishing attempt here where they are trying to hijack your email and you must be very careful.
How Google drive phishing scam works
When you receive this email everything looks in order since you look at the email of the sender and it is someone you know. They ask you to view the document they are sending and you of course click on the link or attachment to view it.
Once you click you will be redirected to a page were you will find a trusted name or brand, in our case Google Drive one of the Online Search Engine giants, Why would you question anything right? Wrong! you must always check and make sure you are in a legitimate website, specially when they are asking for information like on this page where they ask you for email and password.
If you enter your email and password and press submit, the hackers will automatically have access to your email account and can make some serious damage. An automated system will log into your email account, make a copy of ALL your contacts and attempt to delete them.
What should you check for?
- One clear indicator is the URL. Look at the URL and if it is a known site but the URL seems different chances are that this might be a phishing site
- Most websites that require information have a secure connection that you can identify by looking at the URL. If you see “HTTPS://” (pay attention to the “S” which means secure connection) this means you are in a secure connection. Other wise it is not secure “HTTP://” and your information can be captured by others.
As a rule of thumb you should always check when you receive these kind of emails first for the connection if its secure then continue down the URL and make sure the domains match (you need to look very carefully because they can do things like goolee.com if you see here there are 2 “e” at the end and to the quick eye you might just read google.com)
If you have been a victim of this Google Drive phishing scam read this next post and learn how to recover.