Top 100

Tuesday, August 26, 2014

Google Drive Phishing Account

Please be aware of this Google Docs phishing scam where scammers try to get you to login to a Google Docs site with a google.com URL and enter your login and password. If it seems fishy it's probably phishy. The article with the warning is below but basically be on the lookout for:

1. Websites that don't recognize you when you go to login. You've been using Google Drive long enough for your browser to recognize you and put in your username or in the very least not ask you to enter all of your credentials.
2. Emails that have a subject titled 'Documents' or something else suspicious.
3. Emails that ask you to click on a link or are not from someone that you recognize.

Symantec is warning users of a phishing scam that takes advantage of Google Docs that is worming its way around the web. And, since it uses a google.com URL, and even uses Google’s SSL encryption, its could fool even wary users.
Fake login left - Real login rightFake login on the left – Real login on the right. Click to view larger…
However, as Gizmodo points out, just playing it safe, and using some common sense will help you avoid problems.
The scam arrives in your inbox with the subject line “Documents,” and points to a Google Docs link. It shows up in your browser’s address bar as a google.com domain, and it takes you to a fake login page that looks like a genuine Google login page. If you enter your Google login credentials here, the phishers have you.
“The fake page is actually hosted on Google’s servers and is served over SSL, making the page even more convincing,” explains Symantec security expert Nick Johnston. “The scammers have simply created a folder inside a Google Drive account, marked it as public, uploaded a file there, and then used Google Drive’s preview feature to get a publicly accessible URL to include in their messages.”
Following your login via the fake page, you’re taken to an actual Google Doc, and your login info is sent to a PHP script on a compromised server.
To avoid becoming a victim of this sly scheme, just be wary and use common sense. First, be careful clicking links in emails. Yeah, we all do it, especially if we think we know the links are genuine, but be careful. Also, if you receive an email from someone you don’t know, and the subject line is something like “Documents,” well, that’s suspicious in itself.
Also, if you are taken to what is supposed to be a Google login screen, and you are a Google user, and it doesn’t recognize you as such, AND you have to login with all your credentials, be VERY wary.

No comments:

Post a Comment