How the Scam Works:
You receive an email notice that someone shared a Google Doc with you, and you can access it by clicking on a link. If you click through, you are taken to an exact copy of the Google log-in page.
The look-alike log-in form prompts you to enter your Google username and password. The data is sent to the scammer's server, but you are redirected to a real Google Doc. This means you are probably unaware anything even happened!
Find out what's happening in Birminghamfor free with the latest updates from Patch.
The scammers are using an actual Google Drive account to host the scam file, which lends a legitimizing Google.com URL to their con. Inputting your email and password into the fake form gives scammers access to your Google Drive, Gmail and any personal information stored within.
Tips for protecting your Google account:
Find out what's happening in Birminghamfor free with the latest updates from Patch.
- Look for a phishing alert. Gmail automatically displays warnings on messages they suspect are phishing attacks. Always look for these warnings at the top of your email.
- Know when you are logged in. If you are already logged into Gmail to check your email, you won't need to log-in again to view a Google Drive document.
- Report it: Help Google identify suspicious emails by reporting them. On an email message, click the down arrow next to "reply" and select "report phishing."
- Turn on two-step verification. If you fear your account has been compromised or you are worried about security, you can sign up for additional security for your Google account. Logging in will then require both a username/password and entering a code sent to your cell phone.