If you see email about important doc through Google Drive/ Dropbox and the sender claims never sent email about it to anybody. That means your email account is infected with “Phishing”.
Someone’s email account gets cracked, and is used to send an email with a link to a phishing login to harvest even more credentials. Because the phishing email is coming from someone who is real, and even known to you, it is more likely that someone will fall for it. Be very careful and watch out for Phising Email.
This email claims to have an “important message” for you that they uploaded to Drive or Box or any others. If you provide your email credentials, you yourself have been phished.
About phishing
A phishing website or message tries to trick you into revealing personal information by appearing to be from a legitimate source, such as a bank, social network, or even Google. If you receive a suspicious message, do not provide the information requested. We’ve included some tips to help you recognize phishing and keep your account secure.
How can I recognize phishing?
You should always be wary of any message that asks for your personal information or messages that refer you to a web page asking for personal information. If you receive this type of message, especially from a source claiming to be Google or Gmail, please don’t provide the information requested. Google will never send unsolicited messages asking for your password or personal information, or messages containing executable attachments.
Messages or websites phishing for information might ask you to enter:
- Usernames and passwords
- Social Security numbers
- Bank account numbers
- PINs (Personal Identification Numbers)
- Full credit card numbers
- Your mother’s maiden name
- Your birthday
Thus, NEVER provide any credentials to unknown website. Make sure you double check the URL.
What should I do when I see a phishing scam?
First and most important – RESET YOUR PASSWORD!
Never reply to suspicious emails, tweets, or posts with your personal or financial information. Also, don’t fill out forms or sign-in screens that link from these messages.
Most email providers, including Gmail, allow you to report suspicious emails and phishing scams. To report phishing in Gmail, click the drop-down arrow next to “Reply” and select “Report phishing.”
Select the Report Phishing Message option to finish the process.
Reporting a message as phishing will prevent that user from sending you more emails. Also, we’ll use the report to help thwart the attack and others like it.
How to avoid the Email phishing :
- Do not click on links or attachment you receive from people you don’t know.
- Avoid logging in to Google through emailed links; only logging use safe protocol on httpS://drive.google.com orhttpS://gmail.google.comalso universal page for Google access httpS://accounts.google.com
- Make sure you already perform all the steps on Gmail Security Checklist as on this linkhttps://support.google.com/mail/checklist/2986618?hl=en
- Stop and think : if you use Gmail and are already logged on to your Google Account, you shouldn’t need to log on again to access Drive
Phishing Landing Pages:
The link will go to some compromised website which loads a page to harvest your password if you try to log in. Because these allow you to hand over your account password for a wide variety of accounts, like casting a wide net and hoping for some fish, we call these seine phishing.
Same email, but from normal spammer sources like botnets:
These usually come from real email accounts from real people you know, but occasionally the same template is used by traditional scam emailers:
Headers samples:
Received: from smtp202.alice.it [82.57.200.98]
X-Envelope-From: doc @doc.com
From: “Google Drive”<doc @doc.com>
Subject: Important & Confidential