Tech Tip: Be aware of Google Drive Phishing Scam

/ susangifford

This week’s Tech Tip, submitted by Chief Information Officer Marc Elliott, addresses how to recognize a Google Drive Phishing Scam.

In the ongoing saga of different types of phishing scams, the most recent to be aware of is a serious one as it leverages Google Drive against the victim, and we are a Google district. It tries to fool the victim into accessing a fake online document to gain access to the individual’s email account.

In this phishing scam, the victim will receive an email with a link to a document (not an attachment) that looks like it’s in Google Drive/Microsoft OneDrive/Dropbox/etc. More than likely, the email will come from a legitimate sender (someone you know) as their account has already been compromised. The idea being that you would automatically trust this sender, and any links or attachments the email might contain.

When the victim attempts to access the online document, they are presented with a log-in screen that either looks like a Google Drive access screen, or a generic log-in screen for different types of cloud storage solutions. While they look legitimate, they are fake log-in screens designed to collect your username and password, thus providing the hacker access to your email to perpetuate the scam and open additional services in your name.

Picture1

Picture3

Awareness is important to recognize these more sophisticated forms of phishing attacks. First and foremost, determine if you are expecting a document from the person sending it to you. If not, exercise some caution before following the link and/or opening an attachment.

Second, if you follow the link to the document and end up at a sign-in page, before entering any credentials, look at the URL/address bar at the top of your browser. The address should indicate that the connection is secure (https) and that it clearly is going to the correct service (Google, Onedrive, etc).

Picture2

Third, it’s almost a dead giveaway of a phishing scam when you see a  log-in screen that allows/encourages you to choose the email system provider. As with Google Drive, it’s specific that you should be using a Google account to log in, not your choice of email systems.

Remember, if you have any doubts about the authenticity of the email you have received, take a minute and contact the sender to verify. An ounce of prevention is worth a pound of the cure!