BBB Logo

Better Business Bureau ®
Start With Trust®
Northern Colorado and Wyoming
Google Drive Phishing Scam
Sophisticated scammers have created a fake Google log-in screen that is actually hosted on the company's servers. Watch out for scam Google Drive emails that prompt you to enter your username and password into this look-alike form.
April 01, 2014

Sophisticated scammers have created a fake Google log-in screen that is actually hosted on the company's servers. Watch out for scam Google Drive emails that prompt you to enter your username and password into this look-alike form.

How the Scam Works:

You receive an email notice that someone shared a Google Doc with you, and you can access it by clicking on a link. If you click through, you are taken to an exact copy of the Google log-in page.

The look-alike log-in form prompts you to enter your Google username and password. The data is sent to the scammer's server, but you are redirected to a real Google Doc. This means you are probably unaware anything even happened!

The scammers are using an actual Google Drive account to host the scam file, which lends a legitimizing Google.com URL to their con. Inputting your email and password into the fake form gives scammers access to your Google Drive, Gmail and any personal information stored within.

Tips for protecting your Google account:

  1. Look for a phishing alert. Gmail automatically displays warnings on messages they suspect are phishing attacks. Always look for these warnings at the top of your email.
  2. Know when you are logged in. If you are already logged into Gmail to check your email, you won't need to log-in again to view a Google Drive document.
  3. Report it: Help Google identify suspicious emails by reporting them. On an email message, click the down arrow next to "reply" and select "report phishing."
  4. Turn on two-step verification. If you fear your account has been compromised or you are worried about security, you can sign up for additional security for your Google account. Logging in will then require both a username/password and entering a code sent to your cell phone.
  5. If your account may have been compromised.... Be sure to review this security checklist to make sure scammers aren't accessing your email. Topics covered include checking past log-in locations and making sure auto-forwarding isn't activated.

For More Information

For more information about reporting scams and protecting your Google accounts, see Google's support site. To read more about the Google Drive scam, check out security company Symantec's blog post. To find out more about scams, check out BBB Scam Stopper.

Start With Trust®. For more consumer tips and information, visit wynco.bbb.org.