There’s a lot of news going around warning Google users to be aware of a phishing scam seeking to steal information.
Here’s how the scam works according to Symantec:
We see millions of phishing messages every day, but recently, one stood out: a sophisticated scam targeting Google Docs and Google Drive users.
The scam uses a simple subject of “Documents” and urges the recipient to view an important document on Google Docs by clicking on the included link.
Of course, the link doesn’t go to Google Docs, but it does go to Google, where a very convincing fake Google Docs login page is shown:
Figure. Google Docs phishing login page
The fake page is actually hosted on Google’s servers and is served over SSL, making the page even more convincing. The scammers have simply created a folder inside a Google Drive account, marked it as public, uploaded a file there, and then used Google Drive’s preview feature to get a publicly-accessible URL to include in their messages.
This login page will look familiar to many Google users, as it’s used across Google’s services. (The text below “One account. All of Google.” mentions what service is being accessed, but this is a subtlety that many will not notice.)
You might also check out Huffington Post’s, “spot the fake” post.
Now, I have to believe that none of my regular blog readers would ever fall for this trick, especially considering the 50,000+ warnings I’ve given about these types of unsolicited scams. And I have to believe none of you would actually click an unsolicited link.
However, on the off chance users might not know, let me offer this:
That is an actual shared item — in this case a Google Doc — using Google’s sharing system. The key fallacy of the Google Docs scam is the fact that the scammers named the shared document, Documents. In Google Drive, an unnamed files are [as close to] always named “Untitled document.”
And you’ll see the similar file name in your Drive folder.
Thus, even when your friend forgets to rename his or her document, you should have a clue as to what the document is. Drive will prompt the sender to change the file name before sharing, but they can opt to skip this step.
Sharing Google Drive documents and files
By default, the box next to “Notify people via email” is checked whenever someone shares a file from Google Drive.
To share a file, click the Share button in the upper right hand corner of the document.
Drive will prompt you to invite people and set editing capabilities.
Remember, the Notify box is checked by default, and that’s usually the best way to invite a limited number of people to view the document. Unchecking the notify box will execute a prompt asking the sender to confirm their choice.
You can also send a link and set the file’s visibility to “Anyone with the link.”
I prefer sharing with Specific people, but I have been known to open visibility up even more.
Click Save, and the recipient will have a nice email telling them you sent a file.
Either way, you should never open files from senders you don’t recognize or aren’t expecting. Plus, even if your friend forgets to send you an email, you have to actually look in your Shared with me folder to know the document’s there.
In the end, this post is about 3 things:
- Don’t click on bad links, especially Google Drive files named Documents;
- Properly name your files; and
- Learn to recognize a true shared file from Google Drive.
I hope this helps. If you suspect you’re reading this post too late, simply change your Google Account password.
Time to get back to rearranging my Google Drive files.