There’s a really deceptive phishing scam going around that tricks users into giving hackers their Google login credentials using a script hiding in a Google Drive document. The scheme raised some eyebrows at security firm Symantec, who discovered and reported the scam on their official blog.
The scammers send out emails simply titled “documents,” which asks the reader to open an “important document.” Clicking on the link brings up a Google account sign-in page, and though it looks legitimate, it’s anything but. The official-looking login page is actually a preview page for a folder storing the phishing scam on Google Drive. Once the user signs in, a PHP script records their login info. Since the site is stored on Google Drive, the page address says “Google.com,” allowing it to pass a surface-level inspection. When it’s all over, the link sends the user to an actual document, reducing the chance that the user realizes what just happened.