TweakTown

Phishing attacks aimed at Google Docs, Drive users

A clever Google Docs phishing attack opens the door for cybercriminals to steal information from users.

Published Mon, Mar 17 2014 2:55 PM CDT   |   Updated Sat, Aug 8 2020 10:29 AM CDT

Security researchers see a large volume of daily phishing attacks each day, but a recent phishing attempt to compromise Google Docs users has sent up red flags, according to a blog recently published by Symantec.

Phishing attacks aimed at Google Docs, Drive users | TweakTown.com

The e-mail has a title of "Documents" and tricks users to view "an important document" via Google Docs by clicking an included link. Instead of going to the traditional Google Docs login page, a convincing fake Google Docs login page is where users end up. Even worse, the phishers are running the fake page on Google servers with SSL support, and when a user enters information, a compromised server receives the PHP script.

Following a compromised user logging in, a redirected page takes users to an authentic Google Docs file - a very convincing phishing effort.

Cybercriminals created the phony page using a folder inside a Google Drive account, which was set to public, then uploaded a file. Compromised Google credentials provide access to Gmail, Google Play, and other Google accounts, so this is a major security issue that users need to be aware of.

An experienced tech journalist and marketing specialist, Michael joins TweakTown looking to cover everything from consumer electronics to enterprise cloud technology. A former Staff Writer at DailyTech, Michael is now the West Coast News Editor and will contribute news stories on a daily basis. In addition to contributing here, Michael also runs his own tech blog, AlamedaTech.com, while he looks to remain busy in the tech world.

Related Tags

Newsletter Subscription

Latest News

View More News

Latest Reviews

View More Reviews

Latest Articles

View More Articles