You all are quite aware of phishing attacks, and for those who are not, Phishing scams are typically fraudulent email messages, masquerading as a well known and trustworthy entity in an attempt to gather personal and financial information from victims. However, phishing attacks have become more sophisticated recently.
The Pro-hacker group, Syrian Electronic Army (SEA) is also popular for its advance phishing attack and had purposely targeted twitter account and websites of various popular brands like Forbes, Microsoft, Obama, Facebook, CNN, eBay and PayPal in the past using phishing techniques.
Security researchers have seen an increase in the number of phishing attacks every day, but recently a tricky scam came across by the researchers at the Symantec, which is targeting Google Docs and Google Drive users.
Under this phishing scam, an email with a subject of "Documents", tricks recipient to view an ‘important document’ stored on the Google Docs by clicking the included link in the email. But supposed to be directed to important Google doc, the user is redirected to a fake login page, where he is required to enter his Google account information, i.e. Username and Password.
One just needs to create a folder on Google Drive to host the phishing site, so it shows the address bar of the browser to “google.com” and let the fake login page run on the preview function of Docs. This allows criminals to make use of SSL encryption of Google, to deceive the victim further.
"The fake page is actually hosted on Google's servers and is served over SSL, making the page even more convincing," Symantec security expert Nick Johnston explained. "The scammers have simply created a folder inside a Google Drive account, marked it as public, uploaded a file there, and then used Google Drive's preview feature to get a publicly accessible URL to include in their messages."
It's really very common for the users to be prompted with a login page like this when accessing a Google Docs link and many of us may enter our credentials without a second thought. But, as soon as you enter the information and press "Sign in" button, a compromised web server with PHP script will receive and store your stolen credentials.
“This page then redirects to a real Google Docs document, making the whole attack very convincing. Google accounts are a valuable target for phishers, as they can be used to access many services including Gmail and Google Play, which can be used to purchase Android applications and content,” Johnston explained.
It is always recommended to login to any of your online accounts by entering the address into your browser's address bar rather than clicking a link in an unsolicited email and when any service required your login, have a close look that whether the request to click the link really makes sense or not.