A new phishing e-mail scam has been circulating in Gmail inboxes, which carries malicious Google Docs attached to the message that lead to a fake Google log-in page, Hoax-Slayer has warned.
The e-mail is titled “Secure Document” and says that the user’s bank has uploaded a secure document, described as confidential and important, by using Google Docs. In order to read the document, users are invited to click on a link and log in to their Google account to access Google Docs. However, this link does not lead to Google Docs but to a fake log-in page, where the submitted details will be accessed by cybercriminals and later used to hijack the real Google account.
Once the log-in details are submitted on the fake form and collected by scammers, they will be able to gain access to many Google services, including Google +, Google Drive, Gmail, YouTube and Picasa, all of which often contain sensitive personal information, photos, important documents and contacts. Cybercriminals can use the victims’ personal information and identity to start spam campaigns, as well as misuse the sensitive data stored in all these services.
Although the phishing attempt is not very sophisticated, the scam might fool less experienced or careless users into following the instructions and actually entering their log-in details on the fake Google page. Others might be so tempted to see the “Secure Document” that they will click on the link without thinking about the consequences.
It is important for users to log in to their online accounts by entering the address manually into the address bar of the browser, rather than clicking on links that might not be legitimate.