Phishing campaign targets Google Docs, Drive users
Symantec has spotted a phishing campaign leveraging Google Drive that would be hard for users to discern as a scam.
Potential victims receive an email with a subject line saying “Documents” with encouragement to click on a link to a purported important document, wrote Nick Johnston of Symantec in a blog post.
Clicking on the link takes a user not to Google Docs but to a login page that looks the same as the one used for Google’s many online services.
That fake login page is “actually hosted on Google’s servers and is served over SSL [Secure Sockets Layer], making the page even more convincing,” Johnston wrote.
“The scammers have simply created a folder inside a Google Drive account, marked it as public, uploaded a file there and then used Google Drive’s preview feature to get a publicly-accessible URL to include in their messages,” he added.
If a user takes the bait, their login and password is sent to a PHP script on a compromised Web server, Johnston wrote. The fake login page subsequently redirects to Google Docs documents.
“Google accounts are a valuable target for phishers, as they can be used to access many services including Gmail and Google Play, which can be used to purchase Android applications and content,” Johnston wrote.