It seems that almost every tool Google provides is readily adopted by spammers and scammers alike. Not a day goes by that we don’t see spam and Phishing fraud and other identity theft emails from hacked Gmail and Google Groups accounts and often abusing systems such as Google Docs.
The ubiquity of these free services makes for the perfect no-cost social engineering platform for hackers to use for launching their attacks.
A current Phishing campaign uses stolen Gmail accounts to steal the credentials to other email accounts, allowing spammers to increase their spam volume day over day.
The most common email circulating now comes with a subject that references the sharing of a file though “Google Docs” and often has a subject line of simply:
Subject: Important Document
Since the email comes from a previously hijacked account, the recipients will typically recognize the sender’s address which makes it more likely that they will be taken in by this fraud: