I Almost Fell for this Google Docs Phishing Scam! Watch Out!

Watch out for this Google Docs Phishing Scam as it looks very legitimate. I almost fell for it. Here are the warning signs and what to look out for!

I just received an email from a friend. The subject was “INVITATION” and the contents of the email simply contained the words “[name withheld] has sent a message regarding the following document: [withheld] Invitation Hello guys, remember to login and check it out.” I removed the name and other personal information to protect the innocent. I hadn’t heard from this person in a while but everything on quick scan looked legitimate. And, I almost submitted my personal login information on a site that also looked legitimate. But then I stopped. Something didn’t feel right. Here’s why I stopped in my tracks and why I now know it was a Google Docs Phishing Scam.
HTD Google Docs Phishing Scam - email

Update 5/3/17 – A new version of this is making the rounds. But Google is addressing it!

I’m going to dissect this a bit. And the order listed below doesn’t actually represent the order of actions that I did. I will put “warnings” that people should look for if they receive something they think is an email phishing scam.

The image above shows the email that I received. It looked almost familiar. It was very similar to other Google Doc notifications I had received in the past. It showed the person’s name as well as a project or site that I was familiar with. Warning #1 – there was no photo of the person in the email. While this isn’t that big of a warning, many people on Google Docs do have a profile picture.

I inspected the sender’s email address. It was actually the proper one. I looked at the email headers. They showed that it was “sent” from mx.google.com so that looked legitimate as well.

My next real action was actually (and stupidly) to click through the email link of the “invitation,” which, in hindsight, is probably not the best course of action. I actually did click through and started to fill out the form I was presented with (image a bit later on in this article) and then I stopped. And I started the forensics.

I looked back at the email and held my mouse over the “invitation link.” You can see the link in the image below (I will not be putting the link as an active link in this article.) Warning #2 – link is NOT Google Docs.

HTD Google Docs Phishing Scam - link

The link shows “trakanmedia DOT com”. You can see the WHOIS information for that site below:

HTD Google Docs Phishing Scam - whois info #1

The URL in the email immediately redirects to another site, the one that hosts the Google Docs Phishing Scam form. The site domain is “interesting DOT am” and it goes to a longer URL. Warning #3 – link in email immediately redirects to a completely different domain. Below is the WHOIS for this other site.

HTD Google Docs Phishing Scam - whois info #2

This Google Docs Phishing Scam is so simple, it almost worked!

The site looks quite legitimate. It has the look and feel of a valid Google Docs login page. And once I stepped back and thought about this, I knew I had come across a Google Docs Phishing Scam. Here’s what the page looks like:

HTD Google Docs Phishing Scam - phishing page

There are many warnings here. Warning #4 – none of the other links on the site actually are active. “Help” links and the links in the footer do not go anywhere (they just have a “#” link to make them active). Also, normally if you go to a Google Docs login, you will not be prompted to enter in other types of email addresses (at least I don’t think you do). Warning #5 – form tries to capture ANY email and password.

HTD Google Docs Phishing Scam - email provider
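Warnings #2 through #5 can be checked mechanically. The sketch below is an added example, not code from the original article: the function names, the `google.com` allowlist, the `<option>`-based provider heuristic and the `.example` sample URLs and HTML are all assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED_SUFFIXES = ("google.com",)  # assumption: where a real Google Docs link lives

def host_of(url):
    return (urlsplit(url).hostname or "").lower().rstrip(".")

def host_is_trusted(url):
    host = host_of(url)
    return any(host == s or host.endswith("." + s) for s in TRUSTED_SUFFIXES)

class PageScan(HTMLParser):
    """Collects anchors, password fields and <option> entries from a page."""
    def __init__(self):
        super().__init__()
        self.links, self.has_password, self.options = [], False, 0

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a":
            self.links.append((a.get("href") or "").strip())
        elif tag == "input" and (a.get("type") or "").lower() == "password":
            self.has_password = True
        elif tag == "option":
            self.options += 1

def phishing_warnings(email_link, redirect_chain, page_html):
    findings = []
    if not host_is_trusted(email_link):
        findings.append("link-not-google")            # Warning #2
    if redirect_chain and host_of(redirect_chain[-1]) != host_of(email_link):
        findings.append("cross-domain-redirect")      # Warning #3
    scan = PageScan()
    scan.feed(page_html)
    if scan.links and all(h in ("", "#") for h in scan.links):
        findings.append("all-links-dead")             # Warning #4
    if scan.has_password and scan.options > 1:
        findings.append("any-provider-login")         # Warning #5 (heuristic)
    return findings

# Constructed sample data; the .example hosts are placeholders, not the real sites.
SAMPLE_LINK = "http://mailer.example/invite"
SAMPLE_CHAIN = ["http://landing.example/docs/login.html"]
SAMPLE_HTML = """
<form action="post.php"><select name="provider">
<option>Gmail</option><option>Yahoo</option><option>Other</option></select>
<input type="email" name="e"><input type="password" name="p"></form>
<a href="#">Help</a><a href="#">Privacy</a><a href="#">Terms</a>
"""

if __name__ == "__main__":
    print(phishing_warnings(SAMPLE_LINK, SAMPLE_CHAIN, SAMPLE_HTML))
```

The suffix match requires a dot boundary, so a host such as `docs.google.com.landing.example` is not treated as Google.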

I decided I would look at the domain itself. When I stripped off the trailing path from the domain and went to the root, I saw that the site was “coming soon” and was a long way off. This seemed odd since the form was actually active despite the coming soon. Warning #6 – site seemed phishy in general with no additional information.

HTD Google Docs Phishing Scam - fake site

So, looking through all of the aspects of this, I realized it was a Google Docs Phishing Scam. Immediately, I sent a note to the person who supposedly sent this email, asking if he had meant to send it. It is quite possible that his email (which happened to be a Gmail address) had been compromised by a similar Google Docs Phishing Scam (read this Gizmodo article) or other type of scam so he might not actually receive the email. And, if his account was indeed compromised, the scammer could just as easily send a reply saying that it was actually him that sent it. I plan on contacting him via another method. But the problem is that once a scammer gets access to your email account, they can take over other accounts like social media or worse.

Anyway, please share this with your friends and coworkers. Be warned, the phishing scams are scary and dangerous!

HTD says: In the age of digital communication, phishing scams can wreak havoc with your online and offline life. Watch out for this Google Docs Phishing Scam!


3 Responses

  1. My wife fell for this. We changed her password and the password was used for nothing else besides her gmail. Any other safeguards we should take or are we ok?


About HighTechDad

Michael Sheehan (“HighTechDad”) is an avid technologist, writer, journalist, content marketer, blogger, tech influencer, social media pundit, loving husband and father of 3 beautiful girls living in the San Francisco Bay Area. This site covers technology, consumer electronics, Parent Tech, SmartHomes, cloud computing, gadgets, software, hardware, parenting “hacks,” and other tips & tricks.
