‘Proposal Letter on Google Drive’ Phishing Scam

Email Phishing Scam

According to this email, the sender tried to attach a proposal letter but received an error message stating that the attachment exceeded the 25MP attachment size limit. So, claims the email, the sender put the document on Google Drive instead.

The email includes an ‘Open’ link that supposedly allows you to access the proposal letter.

At first take, the message might seem reasonable.  People often do  use Google Drive or other such services to share large documents. And some email systems might impose an attachment size limit. So, a busy office worker who may regularly receive various types of proposal letters might be tricked into clicking the link.

But, alas, the link opens a fraudulent website designed to look like the Google Drive home page.  A popup window on the page claims that for ‘security reasons, you are required to sign in with your email address to access shared files and folders’. The window includes a form that asks you to first select your email provider from a dropdown list and then enter your email address, telephone number and email account password.

After providing this information, you will be automatically redirected to the real Google Drive website.

The scammers can now collect the details you provided and use them to hijack your email account. Once they have gained access, they can use your account to launch further spam and scam campaigns. And, if you use a provider such as Google or Microsoft, the details you submitted may allow the scammers to hijack not only your email account, but associated services as well.

There have been many versions of this scam in recent years. If you receive one of these emails, do not click any links or open any attachments that it contains.


Subject: 16102015_Proposal_Letter.pdf16102015_Proposal_Letter.pdf

Hello, Please find the attached for your attention. I tried to upload and send earlier but got an error message “The file you are trying to send exceeds the 25MB attachment limit” So i had to send it using Google Drive.


Screenshot of fake website and form:

Bogus Google Drive Email Form


Last updated: November 17, 2015
First published: November 17, 2015
By Brett M. Christensen
About Hoax-Slayer

Google Drive Email Phishing Scam
‘Confidential Document’ Google Docs Phishing Scam
Phishing Scams – Anti-Phishing Information