ALERT: Google Drive Phishing Scam

A new phishing scam is circulating one of the more populated regionsgoogle-login
of the web: Google Drive File Sharing.

Google Drive Scam Play-by-Play

  • The scam is initiated by the standard email request to view a shared document on Drive, with a subject line: Documents.
  • Opening the email reveals a link to what is said to be a “very important document.”
  • Clicking on the link leads users to a fake Google log-in page, which is essentially identical to the real one.
  • The fake log-in page is even hosted on Google and contains SSL certification.

Users who enter their information and “Sign in” are redirected to an actual Google Doc containing irrelevant information.  At the same time, and in the background, the user’s Google log-in credentials are sent to the scammer’s web server.

How to Avoid the Drive Scam

  • Delete any unsolicited invitations to share Google Documents.
  • Do not click on links you receive from people you don’t know.
  • Avoid logging in to Google through emailed links; instead, go to the real Google.com and proceed from there.
  • Stop and think: If you use Gmail and are already logged on to your Google Account, you shouldn’t need to log on again to access Drive.

ESSENTIAL READING:

Never fall for a phishing scam again. Read Emsisoft’s Guide on Phishing Scams and how to prevent them


Google Drive Scam Consequences

As Google’s actual log-in page makes clear, your log-in credentials provide access to “One Account.  All of Google.”  That means that users fooled by this recent scam provide attackers with access to everything they do on Google.  Gmail, Google+, Google Calendar, Google Play – all of Google indeed.  This consequence highlights the problem with using just one service provider, and thus one username and password, for all of one’s online activities.  Doing so may make things easier for you, but it also makes things easier for the bad guys.

Drive Scam Protection

Emsisoft Anti-Malware’s Surf Protection technology automatically protects users from malicious servers like the one used in this Google Drive scam.  Surf Protection utilizes a built-in list of dangerous websites that is updated in realtime, and it is completely immune to social engineering tactics like fake log-in pages.

If you have recently logged on to Google through a suspicious email request, Emsisoft recommends that you change your Google password immediately.  Even if you haven’t logged on through such an email, it is important to change any account’s password with some regularity.  Passwords are your first line of defense to Internet security, and when they are weak or reused the truth is that they’re not much good at all.

It is also important to remember that any email containing attachments, links, or requests to share files should be carefully examined before you click.  Emails are common vectors for malware, and messages from anyone but trusted co-workers, family members, or friends should automatically raise suspicion.

Have a Great (Malware-Free) Day!

  • Oh My God dont have an idea before if i click regularly the link on my Google Drive then Google treat my link as scam drive.every one need to read this post with tech related because this is very important to read post and know about the Google and tech News.

    Scam

  • J Martin Ward

    I’m surprised you didn’t mention turning on Google’s two-factor authorisation. That makes your Google accounts much more difficult to access from another computer if your password is compromised, although you should obviously change your password frequently as well.

    Just as an aside, if you choose a 10-character random password from the 62 characters generally available on a laptop keyboard (including using the Shift key), it would take about two weeks of continuous processing of the password file on a special processing machine (using dedicated graphics cards) to crack it (assuming 350 billion tries per second). That’s enough to put off most criminals. The problem is remembering it, but you can use an app like LastPass (mostly free) to do that for you.

    • emsisoft_steve

      Thanks, J. Two-factor authorization is great for securing any account that allows it — particularly online banking. In fact, with many banks it is mandatory. I think many users are slow to adopt it on their email accounts either because they 1) only email from home, and don’t consider the possibility of emailing on another computer, or they 2) email from multiple computers on a regular basis and find it annoying. It would be interesting to see what would happen if more service providers made two-factor authorization a requirement.

  • Mahazbek

    Действительно, есть двухэтапная аутенфикация и антифишинг. Попадутся только самые любопытные и неопытные. Максимум – спам через них отправят.

  • whyer63

    They always are counceling ‘be social and share this – or that’ but may be sharing itself is a potential risk, you can avoid that risk simply by not sharing anything at all!, like in the good old computer days when sharing was not so pushed like now and familiar. As for passwords, better and safer obviously not to store them on never your pc because those ‘smart’ scammers use programs available like siw and others for remote retrieving may be, so to simply steal them, it’s all about money you know. We have to get used now always thinking some hijacker nsa ‘screwer’ b.b. or other is looking on in real time (!) what you are doing on your pc and really film your passwords or even with those so called keyloggers they can retrieve the passwords also and burglars of that kind look for password lists in your house, so try to memorize the essential 5 or 10 passwords and not writing or typing them down never, too easy!

  • whyer63

    @emsifoft_steve Could you give some details on the so called backdoor entry possibilities used by nsa and thelike scammers and or hijackers and the fact that no security suite of the many available can or will block that and this seems to be a bit disturbing double standards anyway or may be I am not very well informed.

    • emsisoft_steve

      Hi Whyer,

      Here’s a good place to start: http://blog.emsisoft.com/2007/08/20/tec070820/
      The second to last paragraph best describes Emsisoft’s stance on the issue of governmental monitoring. The article may be from 2007, but our guiding principles have remained the same. You might also be interested in our recent article on MetaData: http://blog.emsisoft.com/2014/03/21/metadata-and-mobile-security/

      I look forward to hearing your thoughts.

      • whyer63

        Hi emsisoft_steve, thanks for the quick response, it was merely a blogger who made the remark of so called backdoor holes but clearly now I understand those backdoor entry’s he ment are in the OS or Windows. I read carefully the articles about this stuff and specially that federal trojan article was really well done and frightening realistic. I wonder actually what can be done with plain malicious harrassment of all kind by those remote operating so called security guards who behave sometimes with sickening pest manners when on the hijack on someones pc, sometimes it’s worse than ordinary scammers they say because more psycho you know!..

  • Pingback: Trackback()

  • Pingback: Trackback()

  • Pingback: Logical IT Google Drive Phishing Scam Alert » Logical IT()

  • Pingback: Trackback()

  • Pingback: aristotelic calciocarnotite aerographical()

  • Pingback: afterwards calcaneus accursedly()

  • Pingback: ALERT: 18 Million Email Accounts Compromised - AhelioTech()

  • I readed the email , but nothing happened no needed to log it , i didint even notised a link LOL

  • Pingback: PlayStation 4 slim()