Beware of This Dangerously Convincing Google Docs Phishing Scam

Status
Not open for further replies.

Myna

Level 10
Thread author
Verified
Jan 16, 2014
452
kxgpyid0hye20lj8n1ry.png


A very tricky phishing scam that takes advantage of Google Docs is making its way around the web. And since it uses a google.com URL and even makes use of Google's SSL encryption, it's almost impossible to tell that it's a hack. Your best safeguard, as always, is a little bit of common sense.

This phishing scam starts like many other phishing scams: with an email. The malicious message reportedly arrives with the subject line "Documents" and points to a Google Docs link. Again, it shows up in the address bar as a google.com domain and takes you to a fake log-in page that looks just like the real Google login page. This is how the hackers get you.

"The fake page is actually hosted on Google's servers and is served over SSL, making the page even more convincing," Symantec security expert Nick Johnston explained in a blog post. "The scammers have simply created a folder inside a Google Drive account, marked it as public, uploaded a file there, and then used Google Drive's preview feature to get a publicly accessible URL to include in their messages."

Once you log in through the fake page, you'll even be taken to an actual Google Doc. Your credentials will be sent to PHP script on a compromised server. You may never even know they've been swiped. Unless, of course, you don't fall for the scam in the first place.

Read the full news @ http://gizmodo.com/beware-of-this-dangerously-convincing-google-docs-phish-1546278702
 

Koroke San

Level 29
Verified
Jan 22, 2014
1,804
Look the right one, there is a huge gap between 2 text " sign in with a different account " & "One Google Account for everything Google" . SO this one is fake. It's easy for me to caught it :D
 
  • Like
Reactions: Venustus

Myna

Level 10
Thread author
Verified
Jan 16, 2014
452
lol.... IMO many will fall for this trick.
*Another good reason to use lastpass/sticky password/roboform
Whenever these login/password managers doesn't fill up the login form for you, you get an instinctive alarm that something is wrong.
 
Status
Not open for further replies.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top