- dotTech - https://dottech.org -

Google Docs is being used for phishing attacks

Phishing is when some scumbag attempts to trick someone into revealing some type of information, typically a username and password, by posing as a legitimate entity. Often times the best way to realize you are being phished is to note that you are not on a legitimate website by looking at the URL. What if an e-mail contains a link to a website that appears to be from Google [1]; would you then be obliged to provide whatever information is being asked? My guess is some people would.

Google Docs is a popular online office suite service provided by Google. Anyone and everyone can create documents on Google Docs and publicly share the documents with others. When sharing a Google Docs document, the link to the document starts with http://docs.google.com/. People familiar with Google Docs will of course recognize any Google Docs document is not from Google but rather from whomever created the document. However, people not familiar with Google Docs could very possibly be tricked into thinking it is Google which owns the page/document they are being sent to because of the fact that the page/document resides on Google’s URL. And if that page/document asks a user to input some information… well I suppose you know what would happen next.

Because the presence of “google.com” in a Google Docs URL provides a false sense of security, many scumbags are resorting to using Google Docs for phishing. As Sophos points out, there are phishing e-mails circulating around that direct users to a Google Docs document and ask them to input information, such as login information. For example, one e-mail tells a user that their e-mail address will expire unless they “confirm” their account


A user that clicks on the provided URL is brought to a page that tells them to enter their login information or their e-mail address will expire in three days:


God knows who gets the information once you hit the “Submit” button in the form shown above, but it definitely isn’t Google even though the page is seemingly on Google’s website. (See the “google.com” in the address bar?) As I mentioned before, people familiar with Google Docs will instantly recognize (should instantly recognize) the questionable nature of the form that is in front of them. However, people that don’t know anything about Google Docs may well think they are providing the information to Google and type their e-mail account away.

There are, of course, ways to report phishing Google Docs pages. As you can see in the above screenshot, at the bottom of every Google Docs page there is a “Report Abuse” link which lets you report the Google Docs document as “spam, malware, or phishing”. However, by the time you report a phishing Google Docs page, some poor fool may have already be caught in its deceit.

Moral of the story? Explain the concept of Google Docs to your technically challenged friends and family, and never (ever) enter your personal information — may that be username, password, social security number, birthday, credit card number, etc. — into a Google Docs form.

[via Sophos [4]]