According to this email, the sender tried to attach a proposal letter but received an error message stating that the attachment exceeded the 25MP attachment size limit. So, claims the email, the sender put the document on Google Drive instead.
The email includes an ‘Open’ link that supposedly allows you to access the proposal letter.
At first take, the message might seem reasonable. People often do use Google Drive or other such services to share large documents. And some email systems might impose an attachment size limit. So, a busy office worker who may regularly receive various types of proposal letters might be tricked into clicking the link.
But, alas, the link opens a fraudulent website designed to look like the Google Drive home page. A popup window on the page claims that for ‘security reasons, you are required to sign in with your email address to access shared files and folders’. The window includes a form that asks you to first select your email provider from a dropdown list and then enter your email address, telephone number and email account password.
After providing this information, you will be automatically redirected to the real Google Drive website.
The scammers can now collect the details you provided and use them to hijack your email account. Once they have gained access, they can use your account to launch further spam and scam campaigns. And, if you use a provider such as Google or Microsoft, the details you submitted may allow the scammers to hijack not only your email account, but associated services as well.
Hello, Please find the attached for your attention. I tried to upload and send earlier but got an error message “The file you are trying to send exceeds the 25MB attachment limit” So i had to send it using Google Drive.
Screenshot of fake website and form:
Last updated: November 17, 2015
First published: November 17, 2015
By Brett M. Christensen