I have received a phishing email recently. In chrome, when I right click on the link and click copy link address. this is the URL that is copied to the clipboard: http://googledrive.com/host/0B4RDWFvJBbLZbWgyTmRwWDUwbzA (WARNING: PHISINHG SITE!)
I'm trying to understand how this exactly works:
- In chrome, when I paste this url and go the the site, I'm redirected to the phishing site.
- In chrome, when I paste the same URL in incognito mode I'm redirected to https://accounts.google.com with a valid certificate by google. (???)
- In chrome when I paste and go to http://googledrive.com, I'm redirected to my google drive with valid certificate from google.
- In IE when I paste and go the the original URL (the one that redirects to the phishing site in chrome) I am redirected to https://accounts.google.com with certificate from google.
That does not make any sense to me. If the domain googledrive.com belongs to google. then how the redirection to the phishing site happens? Why does in happen only in chrome and why does it happen only when not in incognito mode?