If you have a Google account and a stranger sends you a link to a document on Google Drive, think twice before clicking — it could be a phishing scam designed to harvest your Google credentials.
According to Aditya Sood, architect at Elastica Cloud Threat Labs, the new campaign is reminiscent to one that popped up a year ago, except that this time there are a couple of layers of obfuscation designed to disguise the attack.
Google does have a built-in safety mechanism for its online document storage service, and scans files for malicious code.
But in this particular case, there’s no malware to infect a user’s machine.
Instead, Google Drive is used to host a simple web page. Documents, spreadsheets, presentations, and photos aren’t the only file types that Google Drive supports — it can even be used to host entire websites.