Phishing scammers tap Google Docs for data gathering

Summary: Phishers are using Google-hosted spreadsheets in identity-stealing social engineering attacks, according to security firm F-Secure

Phishing scammers are using Google Docs to create forms that try to trick people into divulging personal information, according to security company F-Secure.

Phishing form with certificate. Screenshot: F-Secure

The Google-hosted service, which allows people to create and share documents, is regularly used by fraudsters as part of a phishing scheme, F-Secure said in a blog post on Monday. Using the spreadsheet tool, phishers are building spoofed forms with fields for details such as name, email address and password, the security company said.

The fraudsters are taking advantage of the Google service, rather than exploiting a flaw. This means the spreadsheets look no different to any other created via Google Docs.

"These are nasty attacks, as the phishing pages are hosted on the real Google.com, complete with a valid SSL certificate," said F-Secure chief research officer Mikko Hypponen in the blog post.

F-Secure investigated the Google-hosted phishing forms it found in circulation by looking at their links and then seeing if these links appeared in its inventory of phishing emails, Hypponen told ZDNet UK. In addition, the company looked at the forms to see where the information entered in them was sent.

Although anyone can create a form, Google is trusted as a brand, making social-engineering attacks based on Google Docs forms more likely to succeed, said Hypponen.

The potential for user confusion is compounded by Google using forms on spreadsheets.google.com to officially request user information. Users can request a Google Voice account transfer, and have to input their Google Voice number, email address and PIN code to validate the transfer.

"I'm not blaming Google over the phishing sites, but if phishing is a problem, why on earth is Google hosting its own forms asking for confidential customer information?" asked Hypponen.

The researcher created a form that looked similar to the Google form, to prove that Google's official form could be spoofed.

Google had not responded to a request for comment at the time of writing.



About

Tom is a technology reporter for ZDNet.com, writing about all manner of security and open-source issues. Tom had various jobs after leaving university, including working for a company that hired out computers as props for films and television, and a role turning the entire back catalogue of a publisher into e-books. Tom eventually found tha...
