Google Drive phishing scam returns

Phishing

Despite claiming to have fixed a security hole in Google Drive last year, criminals are still making use of a Google Drive phishing scam that can steal your email address and password in just a few taps.

Last year, it was revealed hackers were using fake Google Drive documents to force you to enter your email and password, but this year's attack seems to be more sophisticated.

You may receive an email from one of your contacts, granting you access to a document stored in Google Drive. Click on the link and you're taken to the normal Google Drive sign-in screen.

Then, after entering your username and password, you're asked to enter your verification - either your mobile phone number if you have one associated to your account, or your secondary email address.

When you've entered this information, you're forwarded to your Google Drive, but there's no document in sight. You've just had your details phished.

Symantec investigated into the flaw last year and found out the login page is actually hosted on Google's servers and is served on SSL, making it seem very convincing.

"The scammers have simply created a folder inside a Google Drive account, marked it as public, uploaded a file there, and then used Google Drive's preview feature to get a publicly accessible URL to include in their messages," Symantec security expert Nick Johnston explained in a blog post.

However, it was reportedly fixed soon after, with Google saying: "We've removed the fake pages and our abuse team is working to prevent this kind of spoofing from happening again. If you think you may have accidentally given out your account information, please reset your password."

Clare Hopping
Freelance writer

Clare is the founder of Blue Cactus Digital, a digital marketing company that helps ethical and sustainability-focused businesses grow their customer base.

Prior to becoming a marketer, Clare was a journalist, working at a range of mobile device-focused outlets including Know Your Mobile before moving into freelance life.

As a freelance writer, she drew on her expertise in mobility to write features and guides for ITPro, as well as regularly writing news stories on a wide range of topics.