Millions of phishing messages are sent every day, but recently one stood out: a sophisticated scam targeting Google accounts and Google Drive users.
According to Symantec, the scammers use a simple subject of "Documents" and urge the recipient to view an important document on Google Docs by clicking on the included link.
The link doesn't actually go to Google Docs, but it does go to Google, where a very convincing fake Google Docs login page is shown.
The fake page is actually hosted on Google's servers and is served over SSL, making the page even more convincing. The scammers have simply created a folder inside a Google Drive account, marked it as public, uploaded a file there, and then used Google Drive's preview feature to get a publicly-accessible URL to include in their messages.
This login page will look familiar to many Google users, as it's used across Google's services. (The text below "One account. All of Google." mentions what service is being accessed, but this is a subtlety that many will not notice.)
It's quite common to be prompted with a login page like this when accessing a Google Docs link, and many people may enter their credentials without a second thought.
After pressing "Sign in", the user’s credentials are sent to a PHP script on a compromised web server.
This page then redirects to a real Google Docs document, making the whole attack very convincing. Google accounts are a valuable target for phishers, as they can be used to access many services including Gmail and Google Play, which can be used to purchase Android applications and content.
Author: Venkatesh Yalagandula