In its latest blog entry, Symantec warns of an ongoing intricate scam targeting Google Docs and Google Drive users.
With a simple subject "Documents", the scam gets the recipient to view an important document on Google Docs by clicking on the included link. The link will take you to a seemingly authentic Google Docs login page, which is actually hosted on Google's servers and served over SSL, making the page more credible and trustworthy to users.
As it's very common to be prompted with a login page like this when accessing a Google Docs link, people may enter their credentials without much thought. However, after hitting "Sign in", their credentials are sent to a PHP script on a compromised web server. The page then starts loading a real Google Docs document, further convincing users that the site is legitimate.
Google accounts are a valuable target for phishers, as they can be used to access many services including Gmail and Google Play, which can be used to purchase Android applications and content.