Despite claiming to have fixed a security hole in Google Drive last year, criminals are still making use of a Google Drive phishing scam that can steal your email address and password in just a few taps.
Last year, it was revealed hackers were using fake Google Drive documents to force you to enter your email and password, but this year's attack seems to be more sophisticated.
You may receive an email from one of your contacts, granting you access to a document stored in Google Drive. Click on the link and you're taken to the normal Google Drive sign-in screen.
Then, after entering your username and password, you're asked to enter your verification - either your mobile phone number if you have one associated to your account, or your secondary email address.
When you've entered this information, you're forwarded to your Google Drive, but there's no document in sight. You've just had your details phished.
Symantec investigated into the flaw last year and found out the login page is actually hosted on Google's servers and is served on SSL, making it seem very convincing.
"The scammers have simply created a folder inside a Google Drive account, marked it as public, uploaded a file there, and then used Google Drive's preview feature to get a publicly accessible URL to include in their messages," Symantec security expert Nick Johnston explained in a blog post.
However, it was reportedly fixed soon after, with Google saying: "We've removed the fake pages and our abuse team is working to prevent this kind of spoofing from happening again. If you think you may have accidentally given out your account information, please reset your password."
-
C-suites consider quantum a serious threat and "amazing" deepfake attacks are just 'months away'News Deepfake technology has matured at a rapid rate, and video scams are likely to be a on par with the more convincing voice-only campaigns very soon, one expert says
-
Shiseido reportedly suffers data breachNews The Japanese cosmetics company has been accused of failing to notify affected staff of the leak
-
Almost a quarter of all spam emails were sent from Russia in 2021News Last year's spam emails mostly centred around money and investment, Bond and Spider-Man movie premieres, and the pandemic
-
HMRC issues scam warning ahead of Self Assessment deadlineNews The department stated that 2021 has already seen 797,010 tax-related scams reported
-
Ofcom report reveals alarming uptick in smishing attacksNews Text-based scams now more common than phone calls among young adults
-
Smishing attacks increased 700% in first six months of 2021News Which? has urged businesses to play their part to protect people from text message scams
-
Delivery scams become most common form of smishingNews Cyber security provider Proofpoint finds a major increase in the number of threat actors impersonating postal services
-
NCSC simplifies Outlook scam-reporting toolNews Users are now able to report phishing emails with just one click
