Huffpost Business

There's A New Scam To Steal Your Gmail Info, And It's Hard To Catch

Posted: Updated:

Warning: If you receive an email with the subject "Documents," and it directs you to a webpage that looks like a Google Drive sign-in page, do not enter your information.

It's likely a new phishing scam, in which a thief creates a fake portal that asks for people's private information and then steals it. (Netflix recently faced a similar issue.)

This one uses a fake Google Drive landing page to get your Gmail address and password, cyber security company Symantec's official blog reported last Thursday. You're meant to think that the documents you'll be viewing are on Google Docs and that you need to sign in to see them. Remember, though, it's all a scam.

"We've removed the fake pages and our abuse team is working to prevent this kind of spoofing from happening again," a representative from Google tells The Huffington Post. "If you think you may have accidentally given out your account information, please reset your password."

Think you're smart enough to tell the difference between a fake Google Drive sign-in page and the real one? OK, which one of these two photos is of the real one?

Choice #1:

google phishing scam

Choice #2:

google phishing scam

The real Google page is the second, but be honest and admit you couldn't tell. You shouldn't be looking for something in particular on the login page, since those look different for different people and on various browsers. You should just be wary of emails from unknown email addresses and pages that ask for your password.

If you were to put your Gmail address and password in the fake login, your credentials would be stolen, but you'd be taken to a real document on Google Docs, so you might not even know you'd been scammed, Symantec says.

With access to your Gmail account, scammers can make purchases on Google Play, use your Google+ account, access your Google Drive documents and more.

As always, the easiest way to protect yourself from phishing scams is to not click on unknown links and not open emails from unknown senders. Also, don't type your password anywhere that you're not 100 percent sure is real.

[h/t Gizmodo]

This post has been updated to include a comment from Google and to clarify that login pages can look different for different people.

Around the Web

Beware of This Dangerously Convincing Google Docs Phishing Scam

Don't Fall for This Google Drive Phishing Scam

Phishing page hosted on Google: A true dog-bites-man scam