Online Security – Google Account Phishing Scam

There is a very tricky phishing scam that is making its way around the web. If you use Google Docs for business or even Gmail, please stay vigilant.

This phishing scam starts like many other phishing scams: with an email. The malicious message reportedly arrives with the subject line “Documents” or “Documents attached” and points to a Google Docs link. Again, it shows up in the address bar as a google.com domain and takes you to a fake log-in page that looks just like the real Google login page. This is how the hackers get you. Sincethe scam usea a google.com URL and even makes use of Google’s SSL encryption, it’s almost impossible to tell that it’s a hack. Your best safeguard, as always, is a little bit of common sense.

“The fake page is actually hosted on Google’s servers and is served over SSL, making the page even more convincing” – Symantec security expert Nick Johnston explained in a blog post. “The scammers have simply created a folder inside a Google Drive account, marked it as public, uploaded a file there, and then used Google Drive’s preview feature to get a publicly accessible URL to include in their messages.” Continue reading →