A sophisticated phishing scheme is targeting Google Docs Users

Security Researchers at Symantec detected a new Sophisticated Phishing Scam that is targeting the Google Docs Users with complex social engineering tricks.

Phishing is still considerable as one of the major cyber threats, its impact on the IT industry is devastating considering that attackers are adopting new techniques even more sophisticated. Principal security firms and CERTs are alerting governments and private enterprises on the alarming growth of phishing, the cybercrime is exploiting new platforms like mobile and social media to conduct phishing and spear phishing attacks.

Today I decided to describe an interesting case proposed by Symantec related a sophisticated phishing scam against Google Docs Users. The attackers used phishing email with the subject “Documents”, the content is requesting the recipient to view an important document published on Google Docs by clicking on the included link. The link redirect users to a fake, end very convincing, Google Docs login page as shown in the following picture:

The attacker hosted the fake page on Google’s servers and adopted SSL protocol for the connections, making the page even more convincing.

“The scammers have simply created a folder inside a Google Drive account, marked it as public, uploaded a file there, and then used Google Drive’s preview feature to get a publicly-accessible URL to include in their messages. This login page will look familiar to many Google users, as it’s used across Google’s services. (The text below “One account. All of Google.” mentions what service is being accessed, but this is a subtlety that many will not notice.) It’s quite common to be prompted with a login page like this when accessing a Google Docs link, and many people may enter their credentials without a second thought.” states the blog post published by Symantec.

Once the victim clicked on “Sign in”, the user’s credentials are sent to a PHP script on a web server controlled by the attackers and the page redirects the user to a real Google Docs document.

Symantec researchers remarked that Google accounts are considerable a valuable target cybercriminals, they can give to the attackers a full access to all the services provided by the company, including Gmail and Google Play.

The attackers can use a Google account for further attacks or, as hypothesized by Symantec researchers, to purchase Android applications and content.

Pierluigi Paganini

(Security Affairs – Symantec, phishing)

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.