Advertisement

Article

Watch out for this convincing Google Docs scam

Watch out for this convincing Google Docs scam
Lewis Leong

Lewis Leong

  • Updated:

A new Google Docs scam is making its rounds but this time, it’s extremely convincing. Scammers have found a way to create a fake Google Docs login page complete with a google.com domain in the URL. Here’s what you need to know and how to protect yourself.

The new scam uses Google’s own servers to make the login page more convincing. An attacker creates a folder inside a legitimate Google Drive account and marks a folder as public. Then a file is uploaded to the folder where the preview feature provides a publicly-accessible URL that scammers can use in emails. Here’s what the fake login page looks like:

Google Docs phishing page

If a person falls for the same, their user name and password will be sent to the attacker. Afterward, users are redirected to a legitimate Google Document, which makes the attack hard to detect.

To protect yourself, don’t click on any links from people you don’t know. If you’re suspicious of a link, type it out in the address bar yourself. If you’re currently logged in to your Google account, Google should recognize you already. Your profile image and name will show up on the login page instead of being blank like the fake page.

Now is a good time to enable two-factor authentication for your Google Account. This requires a randomly generated number to be entered in addition to your password. For more information about how to enable two-factor authentication on your account, check out our guide.

Source: Symantec

RELATED STORIES

Lewis Leong

Lewis Leong

Latest from Lewis Leong

Editorial Guidelines