ALERT: The Google Drive Phishing Scam Returns!

Watch out: A highly convincing Google Drive phishing scam is back.

Reports indicate that it is being carried out by the same group of attackers as before, however this time around it comes with a little twist. In addition to stealing user credentials, the scam can now infect users with malware. Fortunately, however, whoever designed the phishing page made a little mistake that’s a dead giveaway to attentive users.

Drive Scam Play-by-Play Round 2

We first observed this type of attack back in March 2014. As then, the scam is carried out in the exact same way.

As before, users who enter their information and “Sign in” are redirected to an actual Google Doc containing irrelevant information.  At the same time, and in the background, the user’s Google log-in credentials are sent to the scammer’s web server.

How to Spot this Scam

This time around, the attackers made a mistake. In the bottom right hand corner of every legitimate Google Drive log-in page, there is a drop down menu for language selection.


drive language

The image above shows what this language menu is supposed to look like. On the Google Drive phishing webpage, all languages in the drop down menu have a ? in front of them; so, instead of English (United States) you would see ?English (United States). If you encounter this little bug, DO NOT PROCEED.

As before, it’s also wise to take the following precautions:

What Happens If You’re Phished

If you attempt to log-in to Google Drive through one of these phishing pages, you will be submitting your Google log-in credentials directly to a scammer. Armed with such information, the scammer could then log-in to your Google account and do anything they want.

This time around, the cybercriminals have also added a malware component to some of their landing pages. In this scenario, users who are phished are subsequently redirected to a drive-by download website that automatically initiates a malicious install.

Ensuring Drive Scam Protection

Though it is concerning that this scam is back and is actively being propagated through one of the most popular file sharing services on the web today, it is fortunate that its creators have slipped up and given users a red flag to look for and avoid. That being said, as knowledge of the ? bug spreads, it is likely that its authors will repair it.

It is for this reason that Emsisoft Anti-Malware has been built with a layer of automatic Surf Protection. We keep a running list of known fraudulent websites from all across the Internet – such as the ones involved in this latest iteration of the Google Drive phishing scam – and we feed it to Emsisoft Anti-Malware multiple times per day. As a result, if you’re running our software and you try to navigate to a malicious website, you will be prevented from doing so.

Finally, if you think you might have fallen for this recent scam or its predecessor, we recommend a password change, immediately.

Protect your device with Emsisoft Anti-Malware.

Did your antivirus let you down? We won’t. Download your free trial of Emsisoft Anti-Malware and see for yourself. Start free trial

Have a Great (Phish-Free) Day!



Freelance writer and security enthusiast based in the USA.

What to read next

Reader Comments