Google Drive Phishing Attempts Are Here

I've recently learned of yet another way deceptive websites are being used to collect personal information such as your email address, password, and phone number. Unfortunately, this kind of attempt to get your personal information is more common than ever.

Never Open Unsolicited Email Attachments!

By attempting to fool unsuspecting users, these phishers gather your personal details by means of asking to you view a Secure online pdf document, as pictured below.

Secure online pdf document

First, They Determine Who Provides Your Email Services

Upon pressing the link to visit "Google Drive", visitors are taken to a page in which they can choose their email provider, then sign in.

This is an attempt to figure out what email provider you use. By selecting the email provider, the "phisher" knows where to use your email address and password to log in.

Sign into Google Drive

Then You Give Away the Keys to the Kingdom!

Then they ask you to provide your email address, password, and phone number, so you can supposedly retrieve your pdf document.

Obviously fake sign in screen

In fact, you've just given away access to your email account

Unfortunately, anybody in your address book is now susceptible to being sent the same email you opened. Since the email is coming from your email address, it means that the recipients might be inclined to open it themselves.

What are the Tell-Tale Signs?

Below, I go into a little detail on how you can spot suspicious looking phishing attempts. The clues are mostly subtle, but once you learn what to look for you'll be in a better position to protect yourself!

Wait a Minute! Something Doesn't Look Quite Right

Google Drive only allows for gmail.com email addresses!

The fact that they're asking you to choose from a list of email providers is a dead give-away that something is not right.

That's not all, though. Here are a few other things that tipped me off:

  1. Sloppy or rushed graphic design work. The words "Your Documents" and "view or download" clash very strongly against the logo for Google Drive making them difficult to read. This work is, quite frankly, amateurish.
  2. Subtle problems with grammar & punctuation in the text in which they're asking you to sign in.
  3. Why do I need to provide my email address and phone number to sign in? I've never seen that on any reputable websites - big warning sign!
Obviously fake sign in screen

Keep Yourself Safe with These Quick Tips

  1. As mentioned previously, don't open unsolicited email attachments.
  2. Create and use bookmarks in your browser for the websites you visit frequently.
  3. Navigate to websites like Google Drive by typing the web address, as pictured below. Real web address for Google Drive

Get Involved!