Cloud Services Phishing Scams

We are again seeing an increasing number of attempts by malicious parties to harvest users' credentials for cloud services such as Google Apps and Yahoo! Mail via phishing emails. These emails typically claim to contain a link to a document shared with you by a trusted party such as a co-worker or your financial institution. A recent example resembled the following:

*From:* John Doe <j.doe@company.com> 
*Date:* May 3, 2016 at 08:30:24 CDT 
*To:* undisclosed-recipients:; 
*Subject:* *Secure Document from (John Doe)*

John Doe has shared the following PDF:
Secured File Via Google Drive(http://maliciouswebsite.com/SK.htm)
Open (http://maliciouswebsite.is/DoCuSigN/DoCuSigN/index.php)

Google Drive: Have all your files within reach from any device. 2016

John Doe
j.doe@company.com

Clicking the link in the email takes you to a website whose interface resembles the login page for the cloud service in question and prompts you to enter your credentials for any one of a number of cloud services. If you receive one of these emails, delete it immediately. Under no circumstances should you click the link or supply credentials to any site linked to in the email.

If you enter your credentials into this fake login form, the scammers will then access your account, harvest any sensitive data it contains (such as account numbers at financial institutions), and then start sending out new phishing emails to your contacts.
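For mail administrators, the mismatch visible in the sample above (Google Drive and DocuSign branding on links that point to an unrelated host) can be checked mechanically on plain-text message bodies. The following is an added example, not part of the original article; the brand-to-domain allowlist and the function names are assumptions.

```python
import re
from urllib.parse import urlsplit

# Assumed allowlist: brand keyword -> domains that legitimately host it.
BRAND_DOMAINS = {
    "google drive": {"google.com"},
    "docusign": {"docusign.com", "docusign.net"},
    "yahoo": {"yahoo.com"},
}

# Stop at whitespace, brackets and quotes so "(http://host/x)" yields a clean URL.
URL_RE = re.compile(r"https?://[^\s()<>\"']+", re.IGNORECASE)

def host_matches(host, domains):
    """True if host equals an allowed domain or is a subdomain of it."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)

def brand_mismatches(body):
    """Return (brand, url) pairs where a line names a brand but links elsewhere."""
    findings = []
    for line in body.splitlines():
        # The brand may appear in the visible text or in the URL path itself.
        haystack = line.lower()
        for url in URL_RE.findall(line):
            host = urlsplit(url).hostname or ""
            for brand, domains in BRAND_DOMAINS.items():
                if brand in haystack and not host_matches(host, domains):
                    findings.append((brand, url))
    return findings

# Body lines from the sample email above, plus one constructed legitimate link.
SAMPLE = """John Doe has shared the following PDF:
Secured File Via Google Drive(http://maliciouswebsite.com/SK.htm)
Open (http://maliciouswebsite.is/DoCuSigN/DoCuSigN/index.php)
Shared via Google Drive (https://drive.google.com/file/d/EXAMPLE/view)
"""

if __name__ == "__main__":
    for brand, url in brand_mismatches(SAMPLE):
        print(f"suspicious: text claims '{brand}' but links to {url}")
```

The suffix check requires a leading dot, so lookalike hosts such as `google.com.evil.example` or `notgoogle.com` are still reported as mismatches.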

Prevention

Variants of this particular phishing scam have been making the rounds for a while, but activity has increased along with the number of organizations taking advantage of cloud services. Ultimately, the means to protect yourself and your organization are the same as they've always been:

  • Use caution when clicking links in email or opening email attachments. Check out the US Computer Emergency Readiness Team (CERT) document on Recognizing and Avoiding Email Scams as well as this link from US CERT for more information on malicious attachments.
  • Keep your anti-virus software up-to-date. The anti-virus software provided by IT Freedom checks for software and virus definition updates throughout the day. If your anti-virus software isn't updating, please contact the Helpdesk.
  • Set a browser bookmark for the login pages of any cloud services providers you or your organization use. If you receive an email containing a login link and you're unsure about it, skip the link and use your bookmark.
  • Use your vendor's two-factor authentication method, if available.
  • Install operating system updates when prompted.

 

Additional Information

For additional information about email scams and phishing attacks, please visit the following link provided by US CERT:

If you're interested in two-factor authentication, visit Google's page covering their implementation (called 2-Step Verification).

Please contact the Helpdesk if you have any questions. Thank you!
