' Watch Out For Google Drive Phishing Attack Emails

Tuesday, January 21, 2014

Watch Out For Google Drive Phishing Attack Emails

At one point in time or another, you may have seen some emails from Google Drive/Docs that include a link to a folder and/or document. However, not all of these emails are legit. The non-legit emails will, upon opening the contained link(s), will ask you to sign in, even if you are already logged into a Google Account.
The emails will typically look like one of the following 2 screenshots (keep in mind that the emails you receive, if you are targeted, may be similar to these, if not identical):
However, these emails do NOT link to valid Google Drive sign-in URLs. The URLs actually point to phishing websites, such as the one shown below:

What's wrong with that page? Take 5 minutes to spot all the mistakes, or just read on...

Firstly, the URL in the address bar is not a valid Google Drive URL. The proper Google Drive URL always begins with:


As we can see, the URL obviously does not pass as a link to a document in Google Drive.

Secondly, the methods you can login with are incorrect. The real Google Drive login page will only let you login with a valid Google Account (usually xuser@gmail.com, where xuser is your Gmail username without the @gmail.com part). Since the fake page above will let you login with any email, it is not a legit sign-in page. This fake page will actually capture your login credentials and use them to hack your account.

Thirdly, the layout of the page is incorrect. A real Google Drive login page will look something like:
Now that we can differentiate between the real sign-in pages and the fake ones, we need to know how to stop or diminish the non-legit emails:

1) Always make sure to check that the URL that claims to be a Google Drive sign-in page starts with https://drive.google.com. If not, exit the webpage immediately. If you inadvertently enter your login credentials to your email, change the password to it immediately.

2) If you get a fake email, report it as a phishing attack (in Gmail, open the message, click the dropdown arrow next to the reply button, and click "Report phishing."

3) If the email came from someone you know, or if they have sent you legitimate emails in the past, send an email to them about the attack. They should change their passwords as soon as possible.