Symantec has recently disclosed a sophisticated scam targeting Google Docs and Google Drive users.
The security firm says that the scam message uses the simple subject line "Documents" and urges the recipient to view an important document on Google Docs by clicking on the included link. The link doesn't go to Google Docs, but it does go to Google, where a convincing fake Google Docs login page is shown, similar to the one used across Google's services.
What stands out is that the fake page is actually hosted on Google's servers and is served over SSL, making the page even more convincing.
Symantec says that the scammers have simply created a folder inside a Google Drive account, marked it as public, uploaded a file there, and then used Google Drive's preview feature to get a publicly accessible URL to include in their messages.
After pressing "Sign in", the user’s credentials are sent to a PHP script on a compromised web server.
The script then redirects the user to a real Google Docs document, making the whole attack very convincing.