However, as Gizmodo points out, just playing it safe, and using some common sense will help you avoid problems.
The scam arrives in your inbox with the subject line â€œDocuments,â€ and points to a Google Docs link. It shows up in your browserâ€™s address bar as a google.com domain, and it takes you to a fake login page that looks like a genuine Google login page. If you enter your Google login credentials here, the phishers have you.
â€œThe fake page is actually hosted on Googleâ€™s servers and is served over SSL, making the page even more convincing,â€ explains Symantec security expert Nick Johnston. â€œThe scammers have simply created a folder inside a Google Drive account, marked it as public, uploaded a file there, and then used Google Driveâ€™s preview feature to get a publicly accessible URL to include in their messages.â€
Following your login via the fake page, youâ€™re taken to an actual Google Doc, and your login info is sent to a PHP script on a compromised server.
To avoid becoming a victim of this sly scheme, just be wary and use common sense. First, be careful clicking links in emails. Yeah, we all do it, especially if we think we know the links are genuine, but be careful. Also, if you receive an email from someone you donâ€™t know, and the subject line is something like â€œDocuments,â€ well, thatâ€™s suspicious in itself.
Also, if you are taken to what is supposed to be a Google login screen, and you are a Google user, and it doesnâ€™t recognize you as such, AND you have to login with all your credentials, be VERY wary.