Google Drive phishing is back — with obfuscation

If you have a Google account and a stranger sends you a link to a document on Google Drive, think twice before clicking — it could be a phishing scam designed to harvest your Google credentials.

According to Aditya Sood, architect at Elastica Cloud Threat Labs, the new campaign is reminiscent to one that popped up a year ago, except that this time there are a couple of layers of obfuscation designed to disguise the attack.

Google does have a built-in safety mechanism for its online document storage service, and scans files for malicious code.

But in this particular case, there’s no malware to infect a user’s machine.

Instead, Google Drive is used to host a simple web page. Documents, spreadsheets, presentations, and photos aren’t the only file types that Google Drive supports — it can even be used to host entire websites.

To read this article in full or to leave a comment, please click here