Google Docs Phishing Frauds

It seems that almost every tool Google provides is readily adopted by spammers and scammers alike.  Not a day goes by that we don’t see spam and Phishing fraud and other identity theft emails from hacked Gmail and Google Groups accounts and often abusing systems such as Google Docs.

The ubiquity of these free services makes for the perfect no-cost social engineering platform for hackers to use for launching their attacks.

A current Phishing campaign uses stolen Gmail accounts to steal the credentials to other email accounts, allowing spammers to increase their spam volume day over day.

The most common email circulating now comes with a subject that references the sharing of a file though “Google Docs” and often has a subject line of simply:

Subject:     Important Document

Since the email comes from a previously hijacked account, the recipients will typically recognize the sender’s address which makes it more likely that they will be taken in by this fraud:

Google Docs Phishing

Google Docs Phishing

In addition, the email will quite often include the account holders name and signature file (commonly including company name, phone, fax and other personal details) which makes it even more likely those receiving the message will trust it’s content.

In these cases however, the linked words lead to fake login pages that request the reader’s email username and password:

Google Docs Phishing Login

Google Docs Phishing Login

While the pretense is that this information is required to access the “Important Document” in fact the form simply provides your submitted login credentials to the spammer, who will then use your account to send more spam, viruses and these same Phishing frauds.

Cleverly, once you submit your personal email address information, the spammer’s form will then redirect you to actual google account pages which conceals from most users the facet that their email account access information has just been stolen.

Another identity theft scam currently circulating claims to come from a “webmail Administrator” and warns that your account is over quota:

Your mailbox has exceeded the limit 2 GB storage is also defined by your
administrator, are 2.30GB running, can not be able to send or receive new
messages until you confirm your mailbox. To re-validate your mailbox. do
click on the link below:

https://docs.google.com/forms/d/1wenmD0sljZ0Cje1_O6UPOdM4PKiFMDH25_HLSPc6Hag/viewform

System Manager
(webmail Administrator)

This email actually does use Google Docs to host a web form used to trick users into providing their email account username and password:

Google Docs Webmail Phishing Form

Google Docs Webmail Phishing Form

And also provides the user with a reassuring confirmation screen, again for the purpose of making it unlikely the victim will realize the theft that has just occurred:

Google Docs Webmail Phishing Confirmation

Google Docs Webmail Phishing Confirmation

Interestingly, the examples provided are not too difficult for most good spam filters to detect. Regardless, recipients are still fooled by these emails every day (as evidenced by the volume of already stolen Gmail and other system accounts we see sending these emails).

More importantly, such obvious Phishing Frauds should be even easier for Google’s Gmail and Google Docs systems to detect before they are sent out to the masses in the first place.

That so many persist speaks volumes to Google’s weak internal email security measures.

- -

OnlyMyEmail is an award winning hosted spam filtering service and business email hosting provider. Our enterprise cloud computing anti-spam solution, the MX-Defender, has the highest capture rate of any spam filter ever tested in the VBSpam Challenge, blocking a record setting 99.9993% of all malicious and junk email.

Our Personal spam filtering system is also a Software as a Service (SaaS) solution and has won both the PC World "World Class Award" and also the PC Magazine "Editor's Choice Award."

OME-Kids is a webmail solution that protects children from spam and other harmful emails. OME-Kids offers unique Parental Controls that allow you to choose the level of security and oversight that's right for your child.

Tags: , , , , ,

Comments are closed.