Tags:
Forums: 

Google Docs Users Targeted by Sophisticated Phishing Scam

We see millions of phishing messages every day, but recently, one stood out: a sophisticated scam targeting Google Docs and Google Drive users. The scam uses a simple subject of "Documents" and urges the recipient to view an important document on Google Docs by clicking on the included link. Of course, the link doesn't go to Google Docs, but it does go to Google, where a very convincing fake Google Docs login page is shown:

The fake page is actually hosted on Google's servers and is served over SSL, making the page even more convincing. The scammers have simply created a folder inside a Google Drive account, marked it as public, uploaded a file there, and then used Google Drive's preview feature to get a publicly-accessible URL to include in their messages.

This login page will look familiar to many Google users, as it's used across Google's services. (The text below "One account. All of Google." mentions what service is being accessed, but this is a subtlety that many will not notice.)

It's quite common to be prompted with a login page like this when accessing a Google Docs link, and many people may enter their credentials without a second thought. After pressing "Sign in", the user’s credentials are sent to a PHP script on a compromised web server. This page then redirects to a real Google Docs document, making the whole attack very convincing. Google accounts are a valuable target for phishers, as they can be used to access many services including Gmail and Google Play, which can be used to purchase Android applications and content. Symantec customers are protected against this threat.

About Symantec

Symantec Corporation (NASDAQ: SYMC) is an information protection expert that helps people, businesses and governments seeking the freedom to unlock the opportunities technology brings – anytime, anywhere. Founded in April 1982, Symantec, a Fortune 500 company, operating one of the largest global data-intelligence networks, has provided leading security, backup and availability solutions for where vital information is stored, accessed and shared. The company’s more than 21,500 employees reside in more than 50 countries. Ninety-nine percent of Fortune 500 companies are Symantec customers. In fiscal 2013, it recorded revenues of $6.9 billion. To learn more go to \www.symantec.com or connect with Symantec at: go.symantec.com/socialmedia.

Get latest news from Blognone
By: ordinaryone
AndroidRed HatWindows
on 29 March 2014 - 23:14 #691413

What the hell about Symantec.
It doesn't relate to anything above.
Just an additional in the last sentence.

By: PhyllisNoe on 27 August 2019 - 02:29 #1125428

Well it's an amazing achievement by google docs. As many people are suffering a lot with these phishing mails every day according to essayhave.com review news. Even i am one of them who receive abundant of scam mails every time and i just add them to spam list. I feel authorities must take action upon the fraudulent mails sending persons.

By: Losa on 13 November 2019 - 12:26 #1137070

Special project for this year

slotxo