Beware Google Drive phishing

Summary:Google Docs has been used to distribute malware in the past. Now it is increasingly being used as a lure for phishing.

The Internet Storm Center (ISC) at the SANS Institute is reporting a wave of phishing using Google Docs as a lure.

Google Docs has been reasonably popular as a repository for sharing malware, but it is increasingly being used for phishing attacks. The attack begins with an email roughly like this one:

Hello,

We sent you an attachment about your booking using Google Drive

I have sent the attachment for you using Google Drive So Click the Google Drive link below to view the attachment.

<button>Google Drive</button>

Click the link in the e-mail and you are brought to a web page, probably on some bot. The fact that the link will almost certainly not be a Google link is one major clue that the email is illegitimate. Here is a screen grab of that page:

Google.Drive.Phish
Image courtesy SANS Institute

Click on the graphic for any of the services and it will ask for your username and password. There's your phish.

Topics: Security

About

Larry Seltzer has long been a recognized expert in technology, with a focus on mobile technology and security in recent years. He was most recently Editorial Director of BYTE, Dark Reading and Network Computing at UBM Tech. Prior to that he spent over a decade consulting and writing on technology subjects, primarily in the area of sec... Full Bio

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.