Beware: Google Docs Phishing Emails are circulating

Google Docs Phishing Emails are used by cybercriminals and hackers to obtain credentials from unaware Google Docs users. The cybercriminals and hackers send thousands of Google Docs Phishing Emails daily in the hope to gain credentials from valuable targets.

The Google Docs Phishing Emails which target random people can be identified as phishing emails as they do not target a specific range of people or companies. The Google Docs Spear Phishing Emails are the most dangerous ones on the internet, these spear phishing emails are crafted by cybercriminals or hackers to target specific environments or companies.

google docs phishing 2015
google docs phishing 2015

Google Docs Spear Phishing emails

The Google Docs Spear Phishing Emails are often crafted after the cybercriminals and hackers have obtained information through open source intelligence methods. These methods urge the hackers and cybercriminals to take a look at the social media accounts of possible targets and so on. It is for this reason that security professionals urge their clients, brothers and sisters to secure their social media accounts.

spear phishing
spear phishing

McAfee on Google Docs Phishing Email Scams

The McAfee Security company has published a blog post on Google Docs Phishing Email scams, in the blog post they explain that the Google Docs environment has a daily user rate of 425 million active users and that it means that the cybercriminals and hackers have a very big environment to target.

The McAfee Security team has had contact with the Google security team, and from their conversation they had made the following points:

  • Double check your URL address
  • Don’t Send banking or login information via email or text
  • Watch the links
  • Install comprehensive security software

The points above will allow you to add an extra security layer against phishing attacks which might target you or your (working) environment. There is a lot of information which you can find on the McAfee Security blog, the guys from McAfee write security blogs which can be read by all ages, the topics are often explained very well.

Symantec on Google Docs email scams

The Symantec Security blogger Nick Johnston had reported a Google Docs phishing page which was loaded in a SSL protected website, the page loaded the fake Google login page from a specific crafted Google Docs environment which was set to public and they used a fake domain to increase the phishing hit rate. The Symantec blog continues to explain that once the target had provided their credentials to the Google Phishing page, that they would be redirected to the official Google Docs page, making the Phishing attack very convincing and difficult to identify for unaware users. The Symantec blog often provides insight in advanced persistent threats that target companies and government environments. It is a very good resource for security topics.

Sophos on Google Docs phishing emails

The Sophos security blogger Chester Wisniewski had published a report on a Google Docs phishing attack which claimed to be a “Secure Document” which was being sent to the target via Google Docs.

The Google Docs phishing email contained the following text

Hello,

A Secure Document was sent to you by your financial institute using Google Docs.

Follow the link below to visit Google Docs webpage to view your Document

Follow Here. The Document is said to be important.

Regards.

Happy Emailing,

The Gmail Team

The Follow here text was marked with an hyperlink, which would send the unaware user to a malicious phishing page. Surprisingly, this phishing page did not only accept Google accounts, it also accepted(phished) the following accounts:

  • Yahoo
  • Outlook
  • Hotmail
  • AOL
  • Comcast
  • Verizon

The security blogger explained that he used shortcuts on his desktop for his important services, in this way he would be 100% certain that he would land on the official environment. He then would check the official environment for new messages or documents.

Google Docs Phishing examples

#1

Subject: VITAL NEWSLETTER Hello, I uploaded this vital newsletter using my google doc. For immediate access CLICK HERE Sign in with your email.
Subject: VITAL NEWSLETTER
Hello,
I uploaded this vital newsletter using my google doc. For immediate access CLICK HERE
Sign in with your email.

#2

Hello, Please view the document i uploaded for you using Google docs, CLICK HERE and just sign in with your email to view the document its very important
Hello,
Please view the document i uploaded for you using Google docs, CLICK HERE and just sign in with your email to view the document its very important

#3

Subject: RE Important Document Hello, Here is the document i told you about,i sent it in a more secured way, CLICK HERE. and log in with your email for immediate access and more information.
Subject: RE Important Document
Hello,
Here is the document i told you about,i sent it in a more secured way, CLICK HERE. and log in with your email for immediate access and more information.

#4

Subject: Document Incoming Google drive document awaiting you
Subject: Document
Incoming Google drive document awaiting you

Impact of phishing emails

If you have received an phishing email, then directly report this to the security team, if you are a private user, then make sure that you mark the email as malicious in your email client. An phishing email can have a high impact on any environment if successful, the hackers and/or cybercriminals which are behind an phishing campaign will use any type of information they gain to allow them to move further in their campaign. It is possible that you are aware of Google Docs phishing attacks, but it might be possible that your environment or colleagues are not. So it is wise to share the information with your environment, so they can be extra vigilant. You can also take a look at this social media security tutorial on how to protect your accounts.

If you have additional information, please leave the information in the comment section below.