'Confidential Document' Google Docs Phishing Scam
Email asks the recipient to click a link to view an important confidential document in Google Docs.
The message is a scam designed to steal Google Account Login details.
The link leads to a fake Google Account login page. Login details submitted on the fake page will be collected by criminals and used to hijack real Google accounts.
Subject: Confidential Document
Please view the document i uploaded for you using Google docs. Click here just sign in with your email to view the document its very important.
According to this email, an important and confidential document has been uploaded to Google Docs for the recipient to view. The recipient is invited to click a link and sign in with his or her Google account login details in order to read the message.
However, the link does not lead to a Google document, confidential or otherwise. In fact, the message is a rather crude phishing scam
designed to trick recipients into revealing their Google account details to Internet criminals. Those who click the link will be taken to a fake Google login page as shown in the following screen shot:
The login details submitted on the fake form will be collected by criminals and used to hijack Google accounts belonging to victims. Once armed with this information, the criminals will be able to access multiple Google services owned by the victim, including Gmail, Google Drive, Google+, Youtube and others. The criminals can then use these hijacked accounts to pose as their victims and launch ongoing spam and scam attacks
. They will also be able to access and misuse private information stored in these services.
Although it is quite an unsophisticated attempt, this scam may nevertheless trick some less experienced or unwary users into complying with instructions and logging in on the fake site. Some may be so curious to see the "confidential document" that they follow the link without due forethought.
It is always safest to login to any and all of your online accounts by entering the address into your browser's address bar rather than by clicking a link in an email.
Last updated: March 18, 2013
First published: March 18, 2013
By Brett M. Christensen