Google Docs Phishing Campaign is Frighteningly Accurate

Gmail users beware: a very convincing, very deceitful, phishing scam has been making its way around the Internet. The scam targets Google Doc and Google Drive users with a lookalike login page designed to steal your username and password. With 425 million active monthly Gmail users, these “phishermen” have cast quite a large net.

Before we get into the details of this scam, let’s have a little refresher: A phishing scam is a ploy that tricks you into entering sensitive data, like usernames, passwords and bank account information, by emulating a familiar website. These scams can take a variety of forms, though they’re often introduced through email, text messages or social media sites. Phishing scams can have varying levels of complexity, such as the intricate Netflix phishing scam I wrote about earlier this month, but they all center around one thing—tricking you into willingly giving away your personal information.

The Google Docs phishing scam is a textbook example: it aims to trick you into handing over sensitive login details, and it does exceptionally well. The scam starts with an email referring to an “important document” stored on Google Docs. Clicking on the link in this message will take you to what appears to be a Google Docs login page—but it’s not. This fake login page allows scammers to collect your username and password for their own malicious use.

Unfortunately for Gmail users, the page in this case is remarkably convincing—emulating Google’s typical login page. And here’s the clincher: because this scam is hosted on Google’s servers (the scam is, after all, a public folder on Google Drive), it effectively sidesteps one of the more reliable ways to detect a phishing scam. Generally speaking, a phishing URL is one or two characters different from that of the official website it’s masquerading as, but here the address really does belong to Google. To top things off, because the scammers were hosting this attack on Google’s servers, the URL appears to be secure.

This attack on Google Doc users is especially troubling as Google uses a single login across all of their services. If the scammers successfully obtained login credentials for your Google Docs, they’d also be able to access your email, Chrome browsing history (including searches), YouTube account, and perhaps even be able to make purchases through the Google Play store if you’ve previously registered your payment information.

Despite the sophistication of this scam, there’s light at the end of the tunnel. After its discovery earlier this week, Google has successfully removed the phishing pages. They’ve also stated that their “abuse team is working to prevent this kind of spoofing from happening again.”

While this particular attack seems to have been vanquished, phishing scams in general are on the rise. By being aware of how these scams operate, and how to detect them, you’re well on your way to protecting yourself from the Internet’s many bad guys. Follow the steps below to help avoid falling victim:

  • Double check your URL address. Most of the time, a phishing URL will have some reference to the entity it’s pretending to be, but with some form of variation. For example: will take you to Google; (as an example) will take you to a crash page—but it could also take you to a phishing scam website. That being said, do be aware that the scam described above uses a legitimate Google URL and could trick even the most thorough of skeptics.
  • Don’t send banking or login information via email or text. Professional services will never ask you to send sensitive information over email or text messages. They just don’t. At the bare minimum, they’ll ask you to sign into your account on their website (remember to check the URL) in order to address any sensitive information. If you’ve received an email asking for transmittal of financial or login details via email, you’d be wise to delete it.
  • Watch the links. Be wary of clicking on links sent to you over email, text message or social media sites. Most are harmless, but the ones sent to you by someone you don’t know, or a business that you didn’t sign up for, could send you to a malware-infested site. McAfee® SiteAdvisor®, which comes with McAfee LiveSafe™ service, provides color-coded ratings on the safety of your browser’s search results and external links found in your Facebook and LinkedIn news feed when viewing from your PC or Mac. It will also provide a warning message after you click, but before taking you to the site, if the link appears harmful.
  • Install comprehensive security software. As always, practice caution, and protect yourself online with comprehensive security services like McAfee LiveSafe. It will help block spam and dangerous email, as well as guard against malware and viruses on your PCs, Macs, smartphones and tablets.
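
The URL check from the first tip, written out as an added example (not part of the original article): it compares the host that is asking for a password against an exact sign-in host instead of judging whether the address looks like Google, which is why a login form served from a public Google Drive folder is still rejected. The sign-in host, the list of Google-owned domains and the sample URLs are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: Google's password prompt is served from this exact host.
SIGN_IN_HOSTS = {"accounts.google.com"}
# Assumption: illustrative, incomplete list of Google-owned domains.
GOOGLE_OWNED = ("google.com", "googledrive.com", "googleusercontent.com")
BRAND = "google"


def edit_distance(a, b):
    """Levenshtein distance between two short strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_password_prompt(url):
    """Classify the page that is asking for a Google password."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    if parts.scheme != "https" or not host:
        return "not-https"
    if host in SIGN_IN_HOSTS:
        return "sign-in-host"
    # Google-owned, but it can serve content uploaded by anyone.
    if any(host == d or host.endswith("." + d) for d in GOOGLE_OWNED):
        return "google-hosted-but-not-sign-in"
    # Brand name embedded in a label, or a label one or two characters off.
    for label in host.split("."):
        if BRAND in label or edit_distance(label, BRAND) <= 2:
            return "lookalike"
    return "unrelated"


# Constructed sample URLs; none is taken from the campaign described above.
SAMPLES = [
    "https://accounts.google.com/ServiceLogin",
    "https://googledrive.com/host/EXAMPLE-FOLDER/login.html",
    "https://accounts.gooogle.example/signin",
    "https://accounts.google.com.login.example.net/",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{classify_password_prompt(sample):32} {sample}")
```

Only the first sample passes; the Drive-hosted page fails even though its domain is Google's and the connection is HTTPS.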

To stay on top of the latest consumer security threats, follow @McAfeeConsumer on Twitter and Like us on Facebook.

 Gary Davis

39 comments on “Google Docs Phishing Campaign is Frighteningly Accurate”

  • Congetta Kelley says:

    Unfortunately I received this phishing virus from a trusted person and opened the link. Everyone should be aware that Google Docs will never ask for your password when opening a google doc. I was distracted and not paying attention when it got to that part of the scam. Again can't emphasize enough that no one should ever ask for your password. I should certainly have known better. For me I needed to change my password but this particular virus actually went into my filters and put a filter to delete all incoming mail with my address. Again it took me half a day to realize I wasn't receiving any mail to figure out that I had this unwanted filter.

    Google should absolutely do more alerts to let its customers know about these well known viruses that have been out there for awhile, especially for those of us paying for Google Business. It was embarrassing as much as it was annoying.

  • I received something like this from my sister-in-law — it went to my various Google addresses — asked for a password and when I submitted it showed me a multi-page PDF. Worst part is I replied to the email and got an answer that read like a non-English speaker may have written it. So I called her and immediately changed my password.

  • I have just received this email from someone who could have been sending me a document. I clicked the link and logged in with email address and password but went no further as I smelt a rat. I immediately went into my gmail account and changed the password so I hope this will have prevented any problems.

  • Lawrence Schmid says:

    I did fall for this too and it was sent to me by a contact. Fortunately I emailed him back to tell him I was not interested and he emailed back to tell me he was hacked. I was able to change all passwords before any damage was done.

  • Fell for this while waiting for a document from a book reviewer. The virus sent off emails to entire contact list, then deleted the entire contact list (was able to recover using Yahoo's recovery process) and deleted two days worth of emails from Inbox. Live and learn.

  • I was just a total idiot and fell victim to this exact scam about an hour ago. The message came from my landlord so I opened it up because I was interested in knowing what she had to say….could it be info about needing to relocate?…who knows.

    It wanted my email address, password AND telephone #. I did give that info. away, I am so DUMB! Once I entered in my info. the link dumped me onto some random 'Invest in Art' page with a URL address of I have no idea what that page is all about but I'm scared to go on it since I'm on my work computer. Gah!

    I've changed my password and other info. I informed Google about a phishing scam and the message has disappeared out of my spam box. I contacted my landlord to fill her in on this. Now I have to play cleanup with my contacts list. I'm still unsure if my info. has been compromised. I am still able to sign in so hopefully I changed my password in time and these scammers are still locked out.

  • Andrew Bloch says:

    I fell for this scam hook line and sinker, entered my login credentials and I have emails with sensitive information. I realized my mistake shortly after and immediately changed my password. I do have 2-step verification for unrecognized devices. Am I OK?

    • Intel Security, Inc. says:

      Two-factor authentication will increase your level of security. It was also a great idea of yours to change your password right away. Be sure to spread the word on this scam to keep others safe!

  • May 2015 – this scam is still alive and well! I received an email from my real estate agent – with a Google Doc link for an offer document… These guys are sneaky

  • Ughh I just got this today, and it was from someone I was expecting to receive important documents from. So, yeah, it's still out there, and yes, Google really should send out emails to all users to be aware of this.

  • Same thing happens to me as ester this week. One of my contacts informed me that he received it from me and advised me to change my password. I have a few questions:
    Do I have to change my password for everything I have a password or just gmail?
    Will they go through all my email to find password?
    What about confidential bank info?
    Do I have to delete every single email with sensitive info such as password or bank info.
    How do I restore my contact?
    Where can I get professional help?

  • I received that same email and I was expecting some documents I opened it. Nothing happened until today. All my contacts have received this email and my contacts have disappeared!!!!
    What shall I do?

  • I got this email last week from my teacher! Worst of all, I was expecting a google doc from her when this evil email arrived. So that's how I fell into the trap. She reported back that some technician had discovered that the scam was planted by a European tour company she had previously used for an organized group tour. Please kill this scam!!!!! My paranoia is increasing day by day.

  • Guys, nobody answered Amira's question. I have the same one. I clicked the link but did not enter any information. Am I ok??


  • It happened to me last week, the email was sent to me by my lecturer so I opened thinking nothing of it, I didn't really pay attention and I didn't change my password. Now today the exact email has been sent to all my gmail contacts. I've warned them not to open, I hope no one has already opened it

  • Just got this email today (Nov 20). I always pick up on these things before I click, but not this one. Thank God my filter let me know it was a phishing tactic

  • Mark Redman says:

    This phishing scam is still going around!

    I'm normally VERY cautious, but walked straight into this scam this afternoon, and without second thought gave away passwords to two gmail accounts. Fortunately I realised shortly afterwards that something was smelling fishy and immediately changed my passwords so hopefully no damage done. But it's a bugger.

  • November 2014 and the email is still out there. Like one of the other users said 'I used to consider myself a smart person'……I feel exactly the same.

    Received the email from a person whose name I knew and who I figured would send docs out as she has done before. Stupidly went ahead and entered my details.

    That was yesterday. Tonight my husband received one from me and before opening asked me about it. He opened the email, but not the link. His email had a red warning tho not to open it.

    I have reset my password and deleted the mails the hacker sent. I did first send them all a mail to warn them.

    Just worried that they might have gotten to emails where certain login credentials have been given for other sites. What a mission now to go through all my emails.

    Less than a month ago I sat in a phishing awareness seminar…..can't believe I was so stupid to click on the link. It has surely opened my eyes….

  • Shane Duffey says:

    Just received a similar email. Put Google drive on my android yesterday and "bingo" this thing appears today URL is
    Check the wording of your email and time. My email supposedly came from a friend in the UK, I'm in Malaysia. The wording was too formal for him to use. The time I received it was 4:03 AM. There is no way that he would send an email to me at that time (his time in the UK is 9 PM).
    As per advice above – check the URL first – make it a habit.

  • I just fell for this scam: it did look legit and the email came from a potential employer with the note saying I need to view confidential documents… ouch! I realised it was a scam when no documents appeared and there was no legit information on the login page. So I immediately changed my password: is there anything else I can do to secure myself?

  • Thanks Google… for warning us.

    Jerks. Thankfully never used google play store or their other scammy pay crap.. I will NEVER USE it for certain now. At least Paypal contacted me immediately when there were problems with Target and Home Depot.

  • QUESTION: I clicked on the link but immediately my gut told me to close it. So a window popped up and I closed it immediately. Is your data only compromised if you actually inputted data into the website? Or is data compromised if you clicked the link?

  • I used to consider myself a smart person, but I just fell for this scam. The most immediate result is that the same email was sent to all my contacts and several of my emails were deleted. Is there anything I should do besides change my email password? By the way I use Outlook (Hotmail). Thank you!

    • Shelley…don't be too harsh on yourself. The hackers are getting better and better. You should definitely change your passwords and it would be good to email your friends and let them know not to click on the links in "that" message.

  • Just rec'd this email this morning. I did click on the link and gave my NON google email. Going to change my password now.

    It looked legit since I would expect an "important doc" from the sender.

    Just wanted to say it is still out there

    • Gail..yes it's often very hard to tell the difference between these emails. That's why we need help spreading the word to keep everyone safe!

  • I'm always super careful with my computer. 4 different types of malware/virus checkers on it and yet on 24th June this year, I logged onto my Gmail to send one email and the log in page which looked fully legit must have been a fake and over the next 2 days, my bank account was drained by app purchases. Over £3000 gone.

    I never had any emails from Google/Gmail with links on which I clicked either.

  • If I clicked the link, but it didn't fully load before I shut it down, will I be okay or should I wipe my phone as a precaution?

  • Randi Rubenstein says:

    Here is where I got snagged. It has been programmed to reply! I thought I was being extra cautious. When I sent a reply to the sender asking for confirmation, it responded from the same email address: "The email is from me, you can check it out. Thanks." Looked legit since we had traded docs before. Ouch!

    • Ouch is right! It's best to not reply to any email you think is spam or a scam. When you reply, they now know for sure that this is a valid email address. It's better to be safe than sorry and just delete the email or mark it as spam.

