News is emerging via a Symantec blog that Symantec has discovered a phishing campaign targeting Google Drive users that is particularly cunning and difficult for users to spot as a scam.
Victims receive an email with a subject line “Documents” and are asked to click on a link to an apparently important document; but clicking takes the user not to Google Docs but instead to a login page similar to those used for many of Google’s services.
To make matters wrose, that false page is hosted on Google’s own servers and delivered via SSL, causing the page to appear all the more convincing.
The swindlers have simply made a folder inside a Google Drive account and marked it as public. The file uploaded there has a publicly-accessible URL they can deliver as a link. The fake login page steals login data before redirecting to Google Drive documents.
Let’s be careful out there.