Mailbox Closure Warning!!! – Google Docs Email Theft

The latest abuse of Google Docs for email theft appears in your inbox as:

Subject:     Mailbox Closure Warning!!!

or

Subject:     WEBMAIL ADMIN.ntc

If that manages to grab your attention, the content of the message goes further:

Helpdesk requires you to upgrade webmail by Clicking

https://docs.google.com/spreadsheet/viewform?formkey=dGkzVVg4WGlMaWFpaGdYcG1wVlV4cVE6MQ

This Message is From Helpdesk. Due to our latest IP Security upgrades we have reason to believe that your webmail account was accessed by a third party. Protecting the security of your webmail account is our primary concern, we have limited access to sensitive webmail account features. Failure to revalidate, your e-mail will be blocked in 24 hours.

Thank you for your cooperation.

While this is not the most polished email theft attempt we’ve seen, the clever part is its use of the Google Docs service to carry out the phishing fraud and account theft.

While the link in the above email may eventually be taken down by Google (though probably not anytime soon, based on the weak or non-existent enforcement we have noted in the past), following the hyperlink takes the recipient to a spreadsheet form such as:

Google Docs Email Phishing Form

If you then are kind enough to provide the spammer with your email login information, you’ll be redirected to another screen, confirming the transaction (in this case, the successful theft of your private information and access to your email account):

Google Docs Email Phishing Thank You Form

While the emails themselves are not typically sent by Google, hosting the forms used to steal users’ email account information on Google Docs allows the spammers to better penetrate anti-fraud defenses.

Simply put, most spam filters look at the links contained within emails to make filtering decisions. Manipulating the Google Docs service to commit the email theft allows these spammers a much better chance of evading capture because the links actually do point to documents hosted on Google’s servers.

In addition, the fact that these forms are hosted on actual Google Docs servers (complete with valid URLs and graphics) substantially enhances the perceived authority and credibility of the form, thus lowering the recipient’s potential suspicions. This is especially true if the recipient’s company already uses Google Docs internally, as they will then be quite accustomed to regularly receiving links to documents and forms via the Google Docs service.
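Because the link's domain is trustworthy on its own, a filter has to look at what the link is and what the message says around it. The sketch below is an added example, not OnlyMyEmail's code or any product's logic: it flags a message only when a hosted form link appears together with account-closure lure wording. The function names, the two-phrase threshold, the `/forms/` path and the sample messages are assumptions made for illustration.

```python
import re
from urllib.parse import urlparse

# Form URL shapes on a trusted document host. /spreadsheet/viewform is the path
# in the message quoted above; /forms/ is an assumed additional form path.
FORM_HOSTS = {"docs.google.com"}
FORM_PATHS = re.compile(r"^/(spreadsheet/viewform|forms/)", re.I)
# Lure phrases taken from the sample message quoted in this post.
LURES = [
    r"mailbox closure", r"webmail admin", r"upgrade (your )?webmail",
    r"revalidate", r"accessed by a third party", r"blocked in \d+ hours",
    r"helpdesk",
]
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.I)

def hosted_form_links(text):
    """Return links in text that point at a form on a trusted document host."""
    hits = []
    for raw in URL_RE.findall(text):
        parts = urlparse(raw.rstrip(".,)"))
        host = (parts.hostname or "").lower()
        if host in FORM_HOSTS and FORM_PATHS.match(parts.path):
            hits.append(parts.geturl())
    return hits

def score_message(subject, body, min_lures=2):
    """Flag only when a hosted form link AND at least min_lures phrases co-occur."""
    text = f"{subject}\n{body}"
    links = hosted_form_links(text)
    lures = [p for p in LURES if re.search(p, text, re.I)]
    return {"flagged": bool(links) and len(lures) >= min_lures,
            "links": links, "lures": lures}

# Constructed samples: the form keys below are placeholders, not real forms.
PHISH = (
    "Mailbox Closure Warning!!!",
    "Helpdesk requires you to upgrade webmail by Clicking "
    "https://docs.google.com/spreadsheet/viewform?formkey=CONSTRUCTED1 "
    "Failure to revalidate, your e-mail will be blocked in 24 hours.",
)
BENIGN = (
    "Team lunch order",
    "Please add your order here: "
    "https://docs.google.com/spreadsheet/viewform?formkey=CONSTRUCTED2 Thanks!",
)

if __name__ == "__main__":
    for name, msg in (("phish", PHISH), ("benign", BENIGN)):
        print(name, score_message(*msg))
```

The benign sample shows why the link alone is not enough to block on: legitimate internal forms use the same host and path.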

- -

OnlyMyEmail is an award winning hosted spam filtering service and business email hosting provider. Our enterprise cloud computing anti-spam solution, the MX-Defender, has the highest capture rate of any spam filter ever tested in the VBSpam Challenge, blocking a record setting 99.9993% of all malicious and junk email.

Our Personal spam filtering system is also a Software as a Service (SaaS) solution and has won both the PC World "World Class Award" and also the PC Magazine "Editor's Choice Award."

OME-Kids is a webmail solution that protects children from spam and other harmful emails. OME-Kids offers unique Parental Controls that allow you to choose the level of security and oversight that's right for your child.
