How Scammers are stealing your Google Drive Logins

Your Google Drive account, and any other account for that matter, are being targeted directly by scammers. These are the same scammers that we try to avoid, yet they somehow find out our login information and steal our personal information.

Unfortunately, it’s not as hard as you think to steal your gmail login information.

The most popular scam tactic is phishing. This is done by sending a user (you) an email through Gmail or any other email service with a link to a website. The worst part is that the link appears to point to a website hosted on Google’s own servers, allowing a hidden script to capture the visitor’s username and password.

This particular scam would then link the user to an academic paper hosted on Google Drive so that they didn’t realize their information was compromised.

A spokesperson for Google stated that the company is always working to thwart scams through user education, warnings and automated systems. While the spokesperson did not state what action was being taken, they did state that they are aware of the scam mentioned and are taking actions to put a stop to it.

Simplistic in nature, the scam does use Google’s own servers to perform all actions, causing many users that think they’re following best practices to not get scammed.

Once the user’s credentials are compromised, the scammer logs into the Google account, and gains access to the user’s emails and all of the documents listed on their Google Drive. The password is then changed (especially when the account is attached to Gmail), leaving the user with little to no recourse to get back into their account.

Gaining access to an email account or Google Drive can lead to:

• Further breaches for all accounts attached with Gmail, including bank accounts.
• Sensitive information stored on Google Drive.
• Phishing information from friends and family via your email account.

Protecting your account and information requires diligence. A few precautions you can follow include:

Don’t Trust Unknown Emails

Don’t recognize a sender that has sent you an email? Don’t open the mail. Scammers are getting very smart, even sending emails from similar account names or from accounts that have your friend’s names attached to it.

Using a Gmail account is also a new tactic that gets through Google’s spam filters.

What should you take away from this?

Stop clicking on unknown emails and links. If you don’t recognize a particular sender or don’t have a clue as to what the sender would be linking to you, don’t click the link!

Don’t Provide Usernames and Passwords

Phishing scams only work because you’re willing to give up your information. Scammers are getting smarter, and a file actually hosted on Google’s servers makes it harder to determine if a scam is occurring, or if the site is legitimate.

This particular scam was very sophisticated, but it had flaws.

The wording on the login page was incorrect and didn’t match the current Google Drive text. This would be a major signal that the login page is fake.

Unless you’re positive that you’re on the right page, you should never provide login information. A good way to determine the legitimacy of a link it to look at the web address in your browser.

Oftentimes, the URL will not be the same as the URL you would normally log into. It may even be a different account completely.

This current scam actually has a bunch of text before “googledrive.com,” which is an indicator that something isn’t right.

The best course of action is to open up a new browser window and go to the Google Drive login main page that you know and trust to login. Now, if you refresh the linked page and it still asks for your login credentials, something is amiss.