Phishing campaign targets Google Docs, Drive users

A fake login page looks legitimate since it is served up by Google over SSL, Symantec said

Symantec has spotted a phishing campaign leveraging Google Drive that would be hard for users to discern as a scam.

Potential victims receive an email with a subject line saying "Documents" with encouragement to click on a link to a purported important document, wrote Nick Johnston of Symantec in a blog post.

Clicking on the link takes a user not to Google Docs but to a login page that looks the same as the one used for Google's many online services.

That fake login page is "actually hosted on Google's servers and is served over SSL [Secure Sockets Layer], making the page even more convincing," Johnston wrote.

"The scammers have simply created a folder inside a Google Drive account, marked it as public, uploaded a file there and then used Google Drive's preview feature to get a publicly-accessible URL to include in their messages," he added.

If a user takes the bait, their login and password is sent to a PHP script on a compromised Web server, Johnston wrote. The fake login page subsequently redirects to Google Docs documents.

"Google accounts are a valuable target for phishers, as they can be used to access many services including Gmail and Google Play, which can be used to purchase Android applications and content," Johnston wrote.

Send news tips and comments to jeremy_kirk@idg.com. Follow me on Twitter: @jeremy_kirk

This story, "Phishing campaign targets Google Docs, Drive users" was originally published by IDG News Service .

Editors' Picks
Join the discussion
Be the first to comment on this article. Our Commenting Policies