Phishing campaign targets Google Docs, Drive users

A fake log-in page looks legitimate since it is served up by Google over SSL, Symantec said

Symantec has spotted a phishing campaign leveraging Google Drive that would be hard for users to discern as a scam.

Potential victims receive an email with a subject line saying "Documents" with encouragement to click on a link to a purported important document, wrote Nick Johnston of Symantec in a blog post.


Clicking on the link takes a user not to Google Docs but to a log-in page that looks the same as the one used for Google's many online services.

That fake log-in page is "actually hosted on Google's servers and is served over SSL [Secure Sockets Layer], making the page even more convincing," Johnston wrote.

"The scammers have simply created a folder inside a Google Drive account, marked it as public, uploaded a file there and then used Google Drive's preview feature to get a publicly-accessible URL to include in their messages," he added.

If a user takes the bait, their log-in and password are sent to a PHP script on a compromised Web server, Johnston wrote. The fake log-in page subsequently redirects to Google Docs documents.

"Google accounts are a valuable target for phishers, as they can be used to access many services including Gmail and Google Play, which can be used to purchase Android applications and content," Johnston wrote.

Send news tips and comments to jeremy_kirk@idg.com. Follow me on Twitter: @jeremy_kirk
