Jan 12

Sophisticated Google Docs Phishing Scam Uncovered By Symantec


A Gmail Phishing Scam That You Cannot Escape
One of the basic rules for identifying a Gmail phishing message is to check the email domain, that is, the part of the sender's address after the @ sign. You can do this by opening the message and reading the sender's email address at the top left of the message, in the From: field. As the screenshot below shows, this mail comes from the authentic Gmail Team address mail-noreply@google.com. If you see a misspelled domain or any domain that tries to imitate Google, for example @go0gle.com, @googleteam.com or @googgle.com, among many other variations, you should know that it is a fake domain.

Authentic Google Email Domain

However, as Symantec has revealed, scammers are becoming more sophisticated. They have devised a phishing trick that uses an authentic domain name belonging to Google. What does this mean? It means you should be more wary and should not rely on a single sign to identify a phishing email; look for several tell-tale signs. In this case, most people would be easily tricked into signing in on the fake page because the domain is authentic.

The scammer who devised this trick clearly understands that many people will log in to a fake page if the URL or domain is real. Besides using an authentic Google domain, served over HTTPS with a valid SSL certificate, the scammer built a convincing replica of the Google Drive login page. Here is how the scheme works:

Inside Google Drive, Google's cloud storage service, the scammer created a public folder to host a fake Google login page. Google Drive files can be shared as a link and opened online through Google Docs. The scammer then inserted such links into Gmail messages, along with text asking the recipient to open an "important" document. Clicking the link takes the recipient to the fake Google Drive login page. Throughout, the recipient sees an authentic Google URL in the address bar, so there is no obvious reason to doubt the page. Also, if you regularly use secure websites, being asked to sign in again is nothing new, so most Gmail users will assume that being required to log in again is simply a security measure Gmail takes to protect the account.

Once you sign in on the fake page, your login details are captured and sent to an external server controlled by the scammer. What makes this scam sophisticated is that it never leaves you feeling that something is wrong. It is a smooth operator: after you click the sign-in button, you are redirected to the Google Docs document that was promised in the email.
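As an added illustration of the two checks discussed above (the sender-domain check, and the fact that a genuine Google host can still serve a page that anyone uploaded), here is a small Python script that is not part of the original post. It assumes that accounts.google.com is the only host on which Google asks for account credentials, treats drive.google.com, docs.google.com and googleusercontent.com as hosts that serve user-uploaded content, uses a simplified table of look-alike characters, and runs on a constructed sample message. None of this replaces SPF/DKIM/DMARC, which are what actually verify who sent a message; the point is that a correctly spelled domain in either the From: field or the address bar is not, by itself, evidence that a sign-in form belongs to Google.

```python
import re
from urllib.parse import urlparse

# Assumption: Google asks for account credentials only on this host.
TRUSTED_SIGNIN_HOSTS = {"accounts.google.com"}

# Assumption: Google-owned hosts that serve content uploaded by arbitrary users.
# A page here carries a genuine Google URL and certificate, yet anyone may have
# authored it, so a "sign-in" form found there is not Google's own.
USER_CONTENT_HOSTS = {"drive.google.com", "docs.google.com", "googleusercontent.com"}

# Domains Google's own notifications come from (the post shows mail-noreply@google.com).
GENUINE_SENDER_DOMAINS = {"google.com", "gmail.com"}

# Substitutions used to imitate letters (simplified, not exhaustive).
CONFUSABLES = {"0": "o", "1": "l", "3": "e", "5": "s", "rn": "m", "vv": "w"}


def _squash(label: str) -> str:
    """Lower-case, undo common character substitutions, collapse doubled letters."""
    s = label.lower()
    for fake, real in CONFUSABLES.items():
        s = s.replace(fake, real)
    return re.sub(r"(.)\1+", r"\1", s)


def sender_domain(from_header: str):
    """Pull the domain out of a From: header such as 'Gmail Team <x@google.com>'."""
    m = re.search(r"@([A-Za-z0-9.-]+)", from_header)
    return m.group(1).lower() if m else None


def classify_sender(from_header: str) -> str:
    """'genuine' for a real Google domain, 'lookalike' for an imitation, else 'other'.

    The From: header is attacker-controlled unless SPF/DKIM/DMARC pass, so
    'genuine' here only means 'spelled correctly', not 'authenticated'.
    """
    domain = sender_domain(from_header)
    if domain is None:
        return "other"
    # Registrable part = last two labels (no public-suffix handling; a simplification).
    registrable = ".".join(domain.split(".")[-2:])
    if registrable in GENUINE_SENDER_DOMAINS:
        return "genuine"
    brand = _squash(registrable.split(".")[0])
    genuine_brands = {_squash(d.split(".")[0]) for d in GENUINE_SENDER_DOMAINS}
    # go0gle -> google -> gogle matches; googleteam contains gogle after squashing.
    if any(g in brand for g in genuine_brands):
        return "lookalike"
    return "other"


def classify_link(url: str) -> str:
    """'signin-host', 'user-content-host' or 'external', based on the URL's host."""
    host = (urlparse(url).hostname or "").lower()
    if host in TRUSTED_SIGNIN_HOSTS:
        return "signin-host"
    if any(host == h or host.endswith("." + h) for h in USER_CONTENT_HOSTS):
        return "user-content-host"
    return "external"


def analyze_message(from_header: str, links) -> list:
    """Return human-readable findings for one message; an empty list means nothing flagged."""
    findings = []
    if classify_sender(from_header) == "lookalike":
        findings.append(f"sender domain imitates Google: {from_header}")
    for url in links:
        kind = classify_link(url)
        if kind == "user-content-host":
            findings.append(
                "link opens user-uploaded content on a Google host; "
                f"do not enter credentials on any form shown there: {url}"
            )
        elif kind == "external":
            findings.append(f"link leaves Google entirely: {url}")
    return findings


# Constructed sample, modelled on the message described in the post: a genuine
# sender domain, but the link points at a publicly shared Drive file.
SAMPLE_FROM = "Gmail Team <mail-noreply@google.com>"
SAMPLE_LINKS = ["https://docs.google.com/file/d/EXAMPLE_FILE_ID/view"]

if __name__ == "__main__":
    for line in analyze_message(SAMPLE_FROM, SAMPLE_LINKS):
        print("FLAG:", line)
    print("lookalike sender:", classify_sender("Google Security <alerts@go0gle.com>"))
```

Run as a script it flags the constructed sample's Drive link even though the sender domain is genuine, which is exactly the case the post describes: the domain check passes, so a second signal (where the link actually leads) is needed. In a mail gateway you would feed it the authenticated From: domain and the href targets extracted from the body.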

Google Drive Login Phishing Page That Looks Real

So How Do You Protect Yourself?
We said that one of the rules for identifying a phishing page is checking the domain name. However, what if you are hit by a scam that uses an authentic domain or URL, as the scam above demonstrates? Anyone can fall victim to this scam, and worse, you can be a victim without knowing it. Here are ways to protect yourself:

Use a FIDO U2F USB security key. The key is tied to the legitimate site's origin and will not complete a login on a phishing page, so a stolen password alone is not enough to get in.

Enable 2-Step Verification. It will not stop your password from being stolen, but it adds an extra layer of protection (mobile phone verification) that stops hackers who have only the password from accessing your Gmail account.


9 comments


    • travel on December 28, 2016 at 3:09 am

    I for all time emailed this webpage post page to all my friends, as if like
    to read it after that my links will too. https://en.wikipedia.org/wiki/La_Gomera06-02

    • steve lloyd on January 15, 2017 at 9:12 pm

    What a mess, and Gmail is still missing; it keeps wanting to start up a new account, won't log into the old one, and wants to blend it all together and can't do it. Geeky explanations don't help any either. Should have just left it as is.

    • Ryan Hilton on May 19, 2017 at 1:11 am

    Fortunately, no virus is installed on a PC by this phishing scam. But that doesn't mean you should relax. Take further steps to protect your computer by running a virus scan. If you have the Docs phishing app on your account, simply go to your permissions and identify any suspect app (it will install itself as an official-looking app). Delete or remove the permissions that the app has, and this will block the app's access to your account.

    • Tymon Samuel on May 20, 2017 at 3:14 am

    So this app mimics the official Google Docs, then attacks your account. The question is how you tell the real Google Docs from a fake application. By granting access to the fake app, you would have allowed the hacker to loot your contacts.

    • Collin Norton on May 20, 2017 at 10:40 pm

    As a precaution, don’t click on any link in Google Docs. It might be a phishing link embedded by the hacker. Once you click the link, all hell will break loose and your account will be spammed in an instant.

    • Constantine Duvaris on May 21, 2017 at 11:01 am

    Has Google done something to fix the Google Docs phishing scam? To begin with, why should a giant like Google allow this to happen? They make millions of dollars in profit on a daily basis from advertisers, some of which could be used to improve their security systems. I hope Gmail is not going to be another Yahoo, where billions of email accounts were hacked; otherwise I will move to a much more secure private account.

    • Delma York on May 22, 2017 at 1:02 pm

    It seems someone has hacked my Gmail account, because I am seeing sent messages which I don't remember sending. There has been talk of a Google Docs virus which hijacks contacts and then unleashes a series of spam emails to the contacts list. I ran a malware scan on my Dell computer using Malwarebytes and nothing was found, so what is the best way to prevent a Google Docs attack?

    • Shelly Holmes on May 25, 2017 at 5:51 am

    I need the Google Docs virus scan. I think I am a victim of a hack. It was foolish of me to open Google Docs without verifying the sender. The attacker sent hundreds of spam emails to my contacts and was able to read my messages. Can Google do something about this?

    • Martin on May 25, 2017 at 8:09 am

    Hi, I think I received a phishing mail in my Gmail account, which I accidentally clicked. Now I think it's affecting my computer; what should I do? Is there any Google Docs email virus fix that I should download? Thanks.
