The notorious act of phishing is getting smart gradually. With new ways and processes, it is making the users scared and feel vulnerable. Security software developer Symantec has spotted a new phishing scam targeting Google Docs and drive users.
Moreover, this trick uses google.com URL with Google's SSL encryption to fool the users. Like many other phishing scams, this also involves email with a subject line, "Documents". On clicking, it will lead you to a Google Docs link. The attackers even faked the Google page for asking your Google username and password.
"The fake page is actually hosted on Google's servers and is served over SSL, making the page even more convincing. The scammers have simply created a folder inside a Google Drive account, marked it as public, uploaded a file there, and then used Google Drive's preview feature to get a publicly-accessible URL to include in their messages," Nick Johnston, a Symantec employee explained in the Symantec official blog.
This original look-alike page can fool most of the Google users. After entering the user-name and password, the user's credentials will be sent to a compromised server but lead you to original Google Docs document to make the entire procedure very convincing.
The phishers will use many user services including Google Play where anyone can buy apps, books, games or movies.
To be safe from this phishing attack you need to be careful while clicking on links inside emails. Especially, mails from unknown users with an attachment and subject line like "Document".
Another way for being safe of it is notice the log-in page first before entering your password. Original Google Docs won't ask for username repetitively if already logged in through the same browser.
Below is the picture of the fake log-in page of Google developed by phishers.