Don’t Fall for the New Google Docs Phishing Scam

In the past, you’ve almost certainly received fraudulent emails from scammers attempting to mimic Ebay, PayPal, banking institutions, or in some instances, even funeral homes and court systems. But more recently, criminals are turning their eyes toward other large companies, and using their good reputations against them—or as the case may be—against you.

In fact, not even Google is safe. As Symantec recently announced, a new email phishing scam that involves Google Docs is running rampant. Here are the important details:

  1. You’ll receive an email featuring a subject line of “Documents,” or something of the sort.
  2. Once the email is opened, you’ll be asked to download a crucial document—but not before being asked to first login to your Google Docs account. However, as with any phishing scam, this is not a legitimate Google login page.
  3. What it is, however, is simply the preview page of a PHP file stored in a public Google Drive folder. After you enter your login information, it is then stored in the file and retrievable by the scammers.
  4. Once the process is complete, you’ll be redirected to an actual Google document so that no suspicions are immediately raised.

Once the scammers have your login credentials, any files stored in your account are vulnerable. But it doesn’t just stop there, because these crooks can now also access your Gmail and Google Play accounts, and even download content.

What Can You Do to Avoid Becoming a Victim of this Google Docs Phishing Scam?

As a general rule of thumb, it’s typically a good idea to never open an email from someone you don’t know. And as we mentioned in our Court Email Scam article, if you do open one of these emails by mistake, you should absolutely never download any attachments or click on any links.

Unfortunately though, even the best of us are taken in by an email scam at least once. After all, if these types of phishing scams didn’t work, crooks wouldn’t use them, right? With this in mind, if you accidently fall prey to this phishing scam (or any others for that matter), immediately change your password, and run security software on your computer.

The Better Business Bureau also recommends reporting these emails directly to Google, which can be accomplished by selecting the “report phishing” on the right side of the “reply” button in Gmail. In addition, you can also add an extra layer of security to your Google account by turning on two-step verification. This means that in order to log in, you’ll need to enter your usual password as well as a code that’s sent to your cell phone.

Fortunately, according to the release, “Symantec customers are protected against this threat.”

Do you have any recommendations for avoiding this Google Docs phishing scam? Share your insights with consumers just like you by writing a comment!

  • March 29, 2014

The HighYa Team

The HighYa team is passionate about helping you avoid scams and make better purchasing decisions about everything the internet has to offer.


comments powered by Disqus

Want to Learn to Shop Smarter and Scam-Proof Your Life?

Join over 2 million HighYa readers who receive weekly how-to guides, tips & reviews and get a FREE COPY of our 145 Scam Hacks e-book. Enter your email below to get started!