As you may be aware a very tricky phishing scam that takes advantage of Google Docs began making its way around the internet last Wednesday. Since it uses a google.com URL and even makes use of Google's secure encryption, it's difficult to tell that it's a phishing attempt. Your best safeguard, as always, is a little bit of common sense.
The malicious message reportedly arrives with the subject line "Documents" and points to a Google Docs link. Again, it shows up in the address bar as a google.com domain and takes you to a fake log-in page that looks just like the real Google login page. This is how the hackers get you. An image of a fraudulent message appears below:
If you click on the link and and put in your credentials on the fake google docs page, you'll be taken to an actual Google Doc. However, your credentials will be sent to a compromised server. The emails are avoiding Google's built-in detection capabilities, likely because they're coming from a Gmail account and the link points to a legitimate googledrive.com domain.
Google shut down the scheme within an hour to limit the damage but still recommends that users review a list of devices that have access to their account. This can be done by taking the Google Security Checkup available when you log onto the Google website. While Google hopes these measures will reduce the already slim likelihood that another attack will gain access to user accounts, you can never be too cautious.
Remember to ALWAYS use caution when clicking on links in emails, especially when it comes from an unknown source. TRG will continue to provide these notices to help you stay safe in an ever-changing digital landscape. As the saying goes "an ounce of prevention is worth a pound of cure”.