- Jan 16, 2014
- 452
A very tricky phishing scam that takes advantage of Google Docs is making its way around the web. And since it uses a google.com URL and even makes use of Google's SSL encryption, it's almost impossible to tell that it's a hack. Your best safeguard, as always, is a little bit of common sense.
This phishing scam starts like many other phishing scams: with an email. The malicious message reportedly arrives with the subject line "Documents" and points to a Google Docs link. Again, it shows up in the address bar as a google.com domain and takes you to a fake log-in page that looks just like the real Google login page. This is how the hackers get you.
"The fake page is actually hosted on Google's servers and is served over SSL, making the page even more convincing," Symantec security expert Nick Johnston explained in a blog post. "The scammers have simply created a folder inside a Google Drive account, marked it as public, uploaded a file there, and then used Google Drive's preview feature to get a publicly accessible URL to include in their messages."
Once you log in through the fake page, you'll even be taken to an actual Google Doc. Your credentials will be sent to PHP script on a compromised server. You may never even know they've been swiped. Unless, of course, you don't fall for the scam in the first place.
Read the full news @ http://gizmodo.com/beware-of-this-dangerously-convincing-google-docs-phish-1546278702