An Abney Associates Tech Tips: Effective Google Drive phishing scam returns

Effective Google Drive phishing scam returns, but contains a revealing gaffe

A particularly crafty and effective Google Drive phishing scam that was originally spotted by Symantec researchers back in March has experienced a resurgence here in May, but with one key difference – a page corruption that may set off red flags for would-be victims.

The same phishers seem to be at work here, Satnam Narang, a Symantec researcher, told SCMagazine.com in a Thursday email correspondence, explaining that, like before, users are directed to a phony Google Drive login page if they click on a link in an email with “Documents” as the subject.

Credentials submitted on the phishing page are compromised, and victims are then redirected to an actual document hosted on Google Drive. Careful users who look at the bottom right of the phony website, by the option to choose languages, may be tipped off to the scam by a glaring issue.

“The options within the language selection box at the bottom of the page are corrupted,” Narang said. A Wednesday blog post by Nick Johnston, a Symantec researcher, contains pictures that show how most language names are bookended by question marks.

Aside from the question mark gaffe, the scam is particularly convincing because it uses the actual Google Drive platform, which serves up the phishing website over SSL, according to the post. Google did not immediately respond to a SCMagazine.com request for comment on why phishing pages could be served up this way.

Narang said that enabling two-step verification should help prevent unauthorized access to accounts.

“Getting user Google account credentials opens the door to [many services, including] Gmail, Google Drive, Google Plus [and] Google Wallet,” Narang said. “And that email can be used to reset passwords for other services you might use.”

In another Google Drive scam recently observed by Symantec, victims were redirected to a Brazilian website hosting a trojan detected as ‘Trojan Horse,’ Narang added.
