Beware Google Drive phishing

Summary: Google Docs has been used to distribute malware in the past. Now it is increasingly being used as a lure for phishing.

The Internet Storm Center (ISC) at the SANS Institute is reporting a wave of phishing using Google Docs as a lure.

Google Docs has been reasonably popular as a repository for sharing malware, but it is increasingly being used for phishing attacks. The attack begins with an email roughly like this one:


We sent you an attachment about your booking using Google Drive

I have sent the attachment for you using Google Drive So Click the Google Drive link below to view the attachment.

<button>Google Drive</button>

Click the link in the e-mail and you are brought to a web page, probably on some bot. The fact that the link will almost certainly not be a Google link is one major clue that the email is illegitimate. Here is a screen grab of that page:

Image courtesy SANS Institute

Click on the graphic for any of the services and it will ask for your username and password. There's your phish.

  • Dumb

    Some people still fall for anything.
  • Sucker born every minute

    My credit card company periodically sends out special offers containing a clickable link that leads to a log in page... an incredibly stupid practice as it would be extremely easy to spoof this and send customers to a dummy page where their log in information would be phished. I called them repeatedly complaining about this practice... they seem to have discontinued it, however their E-billing contains a clickable log in link (which I never use). Likewise online merchants often have a clickable link to PayPal, where you log in to PayPal from their site and approve a payment. The proper procedure should be that you open another tab and log in to PayPal externally and authorize payment of their bill. Extra steps but absolutely secure as you know that you are legitimately on PayPal, not some spoof site, and your log in is secure. There are countless ways we can expose ourselves without meaning to... How many times have you logged into a site and had them ask "shall we use credit card X or credit card Y"... and wondered who gave them authorization to hold your credit card info? How is it secured? Who has access?
  • If you didn't ask for it, delete it without opening

    There's a reason why subpoenas are required to be presented in person to the recipient. I don't even open attachments from my friends unless I'm expecting them.
    • attachments & links

      I agree about never opening attachments or clicking links in Email... I long ago abandoned Outlook Express and Internet Explorer due to lack of the ability to control execution of scripts at that time... though now I use Linux almost exclusively and have for many years. At one time Outlook Express would automatically run any script in a message... depending on how it was attached, and could not be stopped!
      • Yep,

        Dumped Outlook a long time ago. The Yahoo Mobile App now autoruns embedded media and Yahoo REFUSES to give the users the ability to disable this, so it is just a matter of time before someone embeds malware in messages targeted at mobile devices using the Yahoo Mail App.
  • That's why some billing sites now have "personal pictures."

    On some sites, you enter ONLY your username on the first https:// login page, and the next page displays the password prompt and a picture, which you can select in your signup, and modify in your security update page. The text says not to use this login page if YOUR specific picture is not displayed. So even if a spoof page were to be set up to look like the generic FIRST login page, anyone without your personal information would not know which picture to display, since (unless the real developers were stupid) presumably, their login process would copy your picture to a temporary file on the server with a name that does not reveal the picture file's permanent name. I would assume that similar precautions would be taken when displaying the possible selections and reading your choice in the setup dialog.
  • phishers when caught should swim with the fishes.

    Time that punishments fitted the crime! If the net is to remain useable scum should be skimmed off!

    Time companies with sloppy sites should be punished for having lax security putting users at risk. Not every user is as savvy as some of the smug clever dicks posting that they are happy to see people suffer!
    dumb blonde