Google Drive Phishing Scam
Most scam e-mails can be differentiated due to the URL's domain name that will re-direct you to a non-legitimate site with an alternate domain name. However, beware of a Google Drive phishing scam that has been making its way around the web. An experienced phisher has made their way into the Google database, stealing Google's log in information by using the Google servers against its own company.
Symantec, a California security firm, uncovered the phishing attempt and immediately notified users via their blog. Watch out for any e-mail titled “Documents” including a URL that attempts to re-direct the user to an important message on Google Drive.
By directing users to this link, phishers are now able to access all of their information stored in their Google Drive account including documents, payment information, and e-mails. The link redirect is an authentic Google URL, with an SSL authentication with an identical log in to that of Google Drive. From here, an enticing “One Account. All of Google.” is displayed to prompt users to log in.
Since this document is not only hosted on Google Drive, but it also possesses a very realistic and impressive page, this phishing scam can mislead even the most technical and uninformed users alike.
Whether or not this scam is cleverly devised, cautious users can easily spot a few red flags. The display name for this email states that it is officially from Google, but it is in fact not. It is considered bad from to click on the links embedded in emails, but in this case, copying and pasting would still take the user to an “authentic” Google page.
If you happen to receive an email implying that it is from a large internet organization like Google, be sure to compare the content of the email to the company's official blog and/or Twitter feed. It is uncommon for companies to institute policy changes without educating its users on a large scale.
If this ends up happening to you use this two-step authentication for your Google account. Make sure to change your password as soon as possible, and do not feel like you have been taken by this one.