Annamaria Montagnese 18 May 2016 15:27:59 AEST 2 MIN READ

Clever Google Docs Phishing Run Targets Australian Email Users

A Google Docs phishing email is now circulating. The scam appears to be sent from compromised Google accounts.

The email is being sent out to victims’ contact lists, increasing the level of trust by the recipient. These tactics are commonly used by cyber criminals to increase the likelihood of the emails being opened and actioned.

Here is a sample of the email that is currently circulating:


Google is a brand that is commonly used by cyber criminals, leveraging the trust that millions of users place in their relationship with Google.

What is interesting about the email that’s currently circulating is that the criminals have inserted an image which appears to be an attachment. The email copy advises recipients that there is a signed agreement attached to generate curiosity, hoping the recipient will click to download or open the attachment. However, it is not an actual PDF attachment, but rather an image of an attachment. Once clicked, users are routed to a phishing site purporting to be a Google login page.

Here is a sample of the phishing site:


The page looks professional and has no grammatical errors which are often tell-tale signs for wary users. Notice however that the URL is not the legitimate Google URL.

Once users have handed over their login credentials, they are redirected to a secondary phishing page which asks for their verification details. This gives the cyber criminals access to the user’s phone number or recovery email, so they can actually access their online Google account.


The email content is very basic, and is being sent from a legitimate source (Google) due to the compromised accounts being the sender. This makes the emails much harder to detect as spam by AV vendors who are looking for malicious email. This is where faster methods of detection like cloud email and web filtering for spam and malware can be more effective.

Benchmarking shows that when a new threat emerges, MailGuard is consistently between 2 hours and 48 hours ahead of the market in preventing fast­breaking or zero-­day attacks.

Keep up to date on the latest email scams by subscribing to MailGuard’s weekly update or follow us on social media.

Keep Informed with Weekly Updates

^ Back to Top