The scam redirects users to a legitimate-looking but fake Google login page.
Security researchers at Symantec have uncovered a new phishing campaign that mainly targets Google Drive and Google Docs users.
According to the security firm, the scam starts with an email notifying users that an important document is waiting to be viewed on Google Docs and urging them to open it using the link provided.
The link does not lead to Google Docs, however, but to a fake copy of the Google login page that is used across several of Google’s online services.
Symantec’s Nick Johnston said that the fake page is actually hosted on Google’s servers and is served over SSL, making the page even more convincing.
"The scammers have simply created a folder inside a Google Drive account, marked it as public, uploaded a file there, and then used Google Drive’s preview feature to get a publicly-accessible URL to include in their messages," Johnston added.
The login and password that users enter are then sent to a PHP script on a compromised web server, after which the fake login page redirects them to documents in Google Docs.
"Google accounts are a valuable target for phishers, as they can be used to access many services including Gmail and Google Play, which can be used to purchase Android applications and content," Johnston concluded.