There are many ways to dupe people out of their login credentials…
In the examples below, what looks like an authentic email contains a link to an ‘important’ GoogleDoc:
http://www.symantec.com/connect/blogs/google-docs-users-targeted-sophisticated-phishing-scam
http://nakedsecurity.sophos.com/2012/05/30/phishing-with-help-from-google-docs/
Remember – don’t click on links in email! (if you don’t feel safe about clicking on the above, then use them in a Google search)