You are here

BBB Scam Alert: Google Drive Phishing Scam

The Better Business Bureau Serving Northern Colorado and Wyoming advises users of Google Drive to beware of a sophisticated scam now infiltrating inboxes nationwide. The phony Google Drive emails prompt you to enter your username and password into the look-alike form.

How the Scam Works

You receive an email notice that someone shared a Google Doc with you, which can be accessed by clicking on a link. If you click through, you are taken to an exact copy of the Google login page.

The look-alike login form prompts you to enter your Google username and password. The data is sent to the scammer's server, but you are redirected to a real Google Doc. This means you are probably unaware anything even happened.

The scammers are using an actual Google Drive account to host the scam file, which lends a legitimizing URL to their con. Inputting your email and password into the fake form gives scammers access to your Google Drive, Gmail and any personal information stored within.

Tips for protecting your Google account

  1. Look for a phishing alert. Gmail automatically displays warnings on messages they suspect are phishing attacks. Always look for these warnings at the top of your email.
  2. Know when you are logged in. If you are already logged into Gmail to check email, you won't need to login again to view a Google Drive document.
  3. Report it. Help Google identify suspicious emails by reporting them. On an email message, click the down arrow next to "reply" and select "report phishing."
  4. Turn on two-step verification. If you fear your account has been compromised or you are worried about security, sign up for additional security for your Google account. Logging in will require both a username/password and entering a code sent to your cell phone.
  5. If your account may have been compromised, be sure to review this security checklist to make sure scammers aren't accessing your email. Topics include checking past login locations and making sure auto-forwarding isn't activated.

To find out more about this scam visit: BBB of Northern Colorado & Wyoming

You can also read some more good information from the FTC on scam alerts.