Beware Google Drive phishing

Google Docs has been used to distribute malware in the past. Now it is increasingly being used as a lure for phishing.

The Internet Storm Center (ISC) at the SANS Institute is reporting a wave of phishing using Google Docs as a lure.

Google Docs has been reasonably popular as a repository for sharing malware, but it is increasingly being used for phishing attacks. The attack begins with an email roughly like this one:

Hello,

We sent you an attachment about your booking using Google Drive

I have sent the attachment for you using Google Drive So Click the Google Drive link below to view the attachment.

<button>Google Drive</button>

Click the link in the e-mail and you are brought to a web page, probably on some bot. The fact that the link will almost certainly not be a Google link is one major clue that the email is illegitimate. Here is a screen grab of that page:

Google.Drive.Phish
Image courtesy SANS Institute

Click on the graphic for any of the services and it will ask for your username and password. There's your phish.