A few days ago I got this email from a friend in Australia. It looked authentic, and I did click on the link to view the document. Would you have done the same? My first suspicion was that this was directed to "undisclosed-recipients". Also, my friend is always very specific and precise in his emails. He would not send an email using lowercase throughout. This email was inconsistent with his character.
When I clicked on the link, the landing page looked exactly like a Google page for viewing documents, and in order to view the document, I was asked to enter my email and password. Since I was suspicious, I read the URL http://itstandart.kz/word/excell/front/index.html which didn't make sense. I tested the waters by typing http://itstandard.kz which brought me to an Internet service provider in Kazakhstan. Obviously, this was an attempt to hijack my Gmail account.
Today I received another email from my Australian friend saying that his Gmail account had been hijacked. He explained how he received the same email from a customer whom he trusted and he was curious and entered his email and password. The scammers captured his email login and password. They used his Gmail account to send the same bogus email to everyone in his address book before removing/deleting all his contacts.
1. Change your Gmail password often.
2. Don't store your passwords or banking information in Google Docs, Gmail notes or email drafts.
3. When a link takes you to a web page, check if the URL is legitimate.
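The URL check in tip 3, written out as an added example (not part of the original post). It assumes Google sign-in pages live on `accounts.google.com`; the allowlist, the function name and the `example.net` sample URLs are constructed for illustration.

```javascript
// Added example: is a page that asks for a Google password really a Google page?
// ALLOWED_SIGNIN_HOSTS is an assumption of this example, not a list from the post.
const ALLOWED_SIGNIN_HOSTS = new Set(["accounts.google.com"]);

function checkSignInUrl(rawUrl) {
  let url;
  try {
    url = new URL(rawUrl); // lowercases the host and splits off any user@ part
  } catch (err) {
    return { ok: false, host: null, reasons: ["not a parseable URL"] };
  }
  const reasons = [];
  if (url.protocol !== "https:") {
    reasons.push("not served over HTTPS");
  }
  if (url.username || url.password) {
    // In https://accounts.google.com@example.net/ the real host is example.net.
    reasons.push("text before '@' is not the host");
  }
  // Compare the whole host name: a look-alike can start with "accounts.google.com."
  const host = url.hostname.replace(/\.$/, "");
  if (!ALLOWED_SIGNIN_HOSTS.has(host)) {
    reasons.push(`host ${host} is not a Google sign-in host`);
  }
  return { ok: reasons.length === 0, host, reasons };
}

// Sample inputs: the first is the URL quoted in the post, the rest are constructed.
const samples = [
  "http://itstandart.kz/word/excell/front/index.html",
  "https://accounts.google.com/signin",
  "https://accounts.google.com.example.net/signin",
  "https://accounts.google.com@example.net/",
];
for (const s of samples) {
  const r = checkSignInUrl(s);
  console.log(r.ok ? "OK     " : "REJECT ", s, r.reasons.join("; "));
}
```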
Please share this post with your friends so they won't get scammed.