Scam wars: Attack of the clones

If one may think that they have been on the Internet long enough to notice a scam/misleading links/offers etc. in the blink of an eye, then this new phishing scam might just prove them wrong.

On Thursday, Symantec had put such an elaborate scam in the limelight. In its blog it has come out with one  targeting Google Docs and Drive users.

The scam involves sending of a mail with the subject “Documents” and insists the recipient to view an important document on Google Docs by clicking on the included link. The link then directs the user to a fake Google Docs login page, which looks almost exactly like the original page, thus fooling the user to enter his/her login details.

Scam Page

 

phish_site_image.png

Actual Page

original.jpg

As evident from the screen shots above, there is hardly any difference between the two.

To add to it, the fake page is actually hosted on Google’s servers and is served over SSL. The scammers have created a folder inside a Google Drive account, marked it as public, uploaded a file there, and then used Google Drive’s preview feature to get a publicly-accessible URL to include in their messages.

Once the user falls for the trick and logs in, his/her credentials are sent to a PHP script on a compromised web server, and the user gets redirected to an actual document to make the whole thing more convincing.

Considering that Google has ‘One account. All of Google’ policy, knowledge of a users’ credentials will give scammers an access to all other data, including social accounts, documents, contacts, and even phone data. If you think you have been scammed, change your password at the earliest, to avoid/minimise any theft of data.

To contact the author, write to sugandh@iamwire.com

Similar Read:  Rapid Prototyping for Designers
Category