Almost every day we received lots of emails, and most of them are obviously spams, but this one has a very convincing way, the attacker will you send you an email with regards with your Google doc, or Google drive, a link will be provided and you will be asked to sing in to your Google account, but of course the link doesn't go Google Doc directly, it will show a Fake Google Doc Login page. This fake login page, is actually created by the attackers using their Google Drive account, this will appear as authentic sign in page, because it is hosted by Google server.
After filling up the user name and password, and by pressing the Sign in button, the information you that you just provided will be sent to a PHP script on a compromised web server, and then it will redirects to a real Google Doc, you wouldn't notice that you've just been a victim of a phishing scam.
So just be very careful in dealing with emails, especially when asking you to click a link. To be sure, once you received an email like this, just go directly to drive.google.com or docs.google.com, the sign in page, will of course recognized you, as shown below.
 |
| Real Google Drive Login page |
According to GIZMODO they contacted Google regarding this matter, and they got a reply that this problem is fixed:
"We've removed the fake pages and our abuse team is working to prevent this kind of spoofing from happening again. If you think you may have accidentally given out your account information, please reset your password." -Google Team
%20(1).png)
1 Comments
mukhang nadale ako nitong phishing site. changed all my passwords na.
ReplyDeleteSalamat!