• by Jess Nelson , December 7, 2015

A Google Drive phishing scam has reportedly returned, despite the company's claim that a security hole was fixed more than a year ago.

The phishing scam, which attempts to steal a user’s Google account login information, first appeared in 2014 when hackers imitated a Google Drive document to trick recipients into entering their account login information.

Over the summer, security firm Elastica reported that the Google Drive phishing scam has returned with a new twist: additional code and fake SSL encryption was used to obfuscate the threat. At the time, the security firm stated that the renewed attack likely could be attributed to the same group of hackers as 2014.

IT PRO revealed that the phishing scam returned in October, and this week reports have again surfaced that Google users are having their Gmail accounts hacked via Google Drive. Once a user is hacked, a mass email is sent to every contact on their list with instructions to open a Google Drive Document or Sheet. Once that link is clicked, users are asked for their login information.

With a stolen Google password cybercriminals can access any service that is integrated with the Google account, including Gmail emails and Google Drive documents. The hackers can also choose to change the Google account password, and completely shut out users from their Google accounts.

Google did not respond to a request for comment. 

Experts say to look out for telltale signs of email scams, including typos, unbranded content, and inaccurate URLS. Another security measure for the future could be a personalized email server. AirSpaceOne recently launched a now fully funded Indiegogo campaign for a pocket-sized private email server.