MUST READ

Qantas cuts executive bonuses by 15% after a July data breach

 | 

MeetC2 - A serverless C2 framework that leverages Google Calendar APIs as a communication channel

 | 

Critical SAP S/4HANA flaw CVE-2025-42957 under active exploitation

 | 

U.S. CISA adds Sitecore, Android, and Linux flaws to its Known Exploited Vulnerabilities catalog

 | 

SVG files used in hidden malware campaign impersonating Colombian authorities

 | 

France’s CNIL fined Google $379M and Shein $175M for breaching cookie rules

 | 

$10M reward for Russia's FSB officers accused of hacking US Critical infrastructure

 | 

Severe Hikvision HikCentral product flaws: What You Need to Know

 | 

U.S. CISA adds TP-Link Archer C7(EU) and TL-WR841N flaws to its Known Exploited Vulnerabilities catalog

 | 

Google addressed two Android flaws actively exploited in targeted attacks

 | 

U.S. CISA adds WhatsApp, and TP-link flaws to its Known Exploited Vulnerabilities catalog

 | 

Android droppers evolved into versatile tools to spread malware

 | 

Jaguar Land Rover shuts down systems after cyberattack, no evidence of customer data theft

 | 

Cloudflare blocked a record 11.5 Tbps DDoS attack

 | 

Palo Alto Networks disclosed a data breach linked to Salesloft Drift incident

 | 

Von der Leyen’s plane hit by suspected Russian GPS Jamming in Bulgaria, landed Safely

 | 

Supply-chain attack hits Zscaler via Salesloft Drift, leaking customer info

 | 

Crooks exploit Meta malvertising to target Android users with Brokewell

 | 

North Korea’s APT37 deploys RokRAT in new phishing campaign against academics

 | 

Fraudster stole over $1.5 million from city of Baltimore

 | 

A sophisticated phishing scheme is targeting Google Docs Users

Pierluigi Paganini March 15, 2014

Security Researchers at Symantec detected a new Sophisticated Phishing Scam that is targeting the Google Docs Users with complex social engineering tricks.

Phishing is still considerable as one of the major cyber threats, its impact on the IT industry is devastating considering that attackers are adopting new techniques even more sophisticated.  Principal security firms and CERTs are alerting governments and private enterprises on the alarming growth of phishing, the cybercrime is exploiting new platforms like mobile and social media to conduct phishing and spear phishing attacks.

Today I decided to describe an interesting case proposed by Symantec related a  sophisticated phishing scam against Google Docs Users. The attackers used phishing email with the subject “Documents”, the content is requesting the recipient to view an important document published on Google Docs by clicking on the included link. The link redirect users to a fake, end very convincing, Google Docs login page as shown in the following picture:

Google Docs Phishing

The attacker hosted the fake page on Google’s servers and adopted SSL protocol for the connections, making the page even more convincing.

“The scammers have simply created a folder inside a Google Drive account, marked it as public, uploaded a file there, and then used Google Drive’s preview feature to get a publicly-accessible URL to include in their messages. This login page will look familiar to many Google users, as it’s used across Google’s services. (The text below “One account. All of Google.” mentions what service is being accessed, but this is a subtlety that many will not notice.) It’s quite common to be prompted with a login page like this when accessing a Google Docs link, and many people may enter their credentials without a second thought.” states the blog post published by Symantec.

Once the victim clicked on “Sign in”, the user’s credentials are sent to a PHP script on a  web server controlled by the attackers and the page redirects the user to a real Google Docs document.

Symantec researchers remarked that Google accounts are considerable a valuable target cybercriminals, they can give to the attackers a full access to all the services provided by the company, including Gmail and Google Play.

The attackers can use a Google account for further attacks or, as hypothesized by Symantec researchers, to purchase Android applications and content.

Pierluigi Paganini

(Security Affairs – Symantec, phishing)

Cybercrime Gmail Hacking mobile phishing Phishing Email social media spear phishing watering hole

you might also like

Pierluigi Paganini September 06, 2025
Qantas cuts executive bonuses by 15% after a July data breach
Read more
Pierluigi Paganini September 05, 2025
SVG files used in hidden malware campaign impersonating Colombian authorities
Read more

leave a comment

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

Qantas cuts executive bonuses by 15% after a July data breach

Data Breach / September 06, 2025

MeetC2 - A serverless C2 framework that leverages Google Calendar APIs as a communication channel

Security / September 06, 2025

Critical SAP S/4HANA flaw CVE-2025-42957 under active exploitation

Hacking / September 05, 2025

U.S. CISA adds Sitecore, Android, and Linux flaws to its Known Exploited Vulnerabilities catalog

Breaking News / September 05, 2025

SVG files used in hidden malware campaign impersonating Colombian authorities

Malware / September 05, 2025