DETROIT – A very convincing scam that uses Google Docs is making its way around.
It's almost impossible to tell that it's not real since it uses a google.com URL and even encryption.
Google confirmed the phishing scam on Wednesday, saying:
We are investigating a phishing email that appears as Google Docs. We encourage you to not click through, & report as phishing within Gmail.
Google also told Gizmodo: We’ve removed the fake pages and our abuse team is working to prevent this kind of spoofing from happening again. If you think you may have accidentally given out your account information, please reset your password.
“The fake page is actually hosted on Google’s servers and is served over SSL, making the page even more convincing,” Symantec security expert Nick Johnston explained in a blog post. “The scammers have simply created a folder inside a Google Drive account, marked it as public, uploaded a file there, and then used Google Drive’s preview feature to get a publicly accessible URL to include in their messages.”
Basically, if you get an email from someone you don't know with the subject line that says something about documents, it's probably not real.
Secondly, if you show up at a login screen, that's a big red flag. Don't re-login to Google.