Highlights and Updates

New Sophisticated Scam Targeting Google drive and Google doc users

Saturday, 15th March 2014

Symantec has spotted a phishing scam that is very hard for users to discern as a scam.
The user receives an email with "Documents" as the subject and the email urges the recipient to view an important document on Google Docs by clicking on the link.
Clicking on the link takes a user not to Google Docs but to a very convincing fake Google Docs login page. View fake login page here. 

The fake page is actually hosted on Google's servers and is served over SSL, making the page even more convincing. [The scammers have simply created a folder inside a Google Drive account, marked it as public, uploaded a file there, and then used Google Drive's preview feature to get a publicly-accessible URL to include in their messages.]

After pressing "Sign in", the user's password and username are sent to the scammers.
This page then redirects to a real Google Docs document, making the whole attack very convincing.

Solution
Apart from looking out for this scam, other new ones may come up which you might not detect, so you need to make sure you enable two factor authentication on your Google account. 
More about two factor authentication here.
It might be a minor inconvenience for you occasionally; but imagine the inconvenience you'd suffer if you lost your account.