I’ve received an email, apparently from a PR agency based in San Francisco.
The PR agency is real, with real clients, and real offices.
But the email is bogus.
I’ve Shared the confidential sheet with you for review using Google access page
CLICK ON HERE
©2015 Google – Terms & Privacy Regards
I’ve obscured the PR agency’s name and contact details to protect the innocent, because I’m fairly sure that they weren’t responsible for sending it.
Would you click on the link?
I guess the bad guys behind this particular attack give the game away a little by making such a poor job of their grammar, but there’s no doubt that some people will be so intrigued by the idea of a “confidential sheet” that they will click first and think later.
But if you took a second to hover your mouse, over the clickable link in the email you would find that it doesn’t really take you to a file on Google Drive, but instead to a phishing page designed to steal your credentials.
And not just your Google username and password. Oh no, these guys would quite like it if you handed over your AOL, Hotmail (don’t they know it’s called Outlook now?), or Yahoo password too.
Always take care about what you click on. It might be someone trying to steal your passwords.
Found this article interesting? Follow Graham Cluley on Twitter to read more of the exclusive content we post.