Phishing emails impersonating Google Docs and Google Drive are very common, but this recent scam was cleverly designed to bypass traditional AV security.
The scam is distributed via compromised Google email accounts. Recipients receive an email that appears to have been sent legitimately by the compromised account owner.
First to stop new attacks, MailGuard is consistently between 2 hours and 48 hours ahead of the market in preventing fast-breaking attacks. Most on-premise or hybrid anti-virus vendors require software updates across multiple instances, which can take hours or even days, leaving clients vulnerable.
Here is a sample of one such Google Docs scam email – the sender name has been hidden.
The email is sent from a legitimate Google account: the headers are in place and the sender is not forged or obfuscated in any way.
The scam email is very basic and contains a .pdf attachment, which it may take a while for anti-virus vendors to pick up as malicious. The PDF, however, contains a link to a fake Google account phishing website.
Because the link is embedded in the PDF and not in the email, it is more difficult and takes more effort to decipher the content within the attached documents and block them. PDF files are used legitimately, so they won't ever be treated as suspicious automatically. Antivirus vendors need submissions reported by their end users or partners to learn that the PDF files in question are potentially malicious.
The phishing site above is served from the URL grandvisionbg.com, which is not at all close to the Google URL used for sign-in.
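The inspection step described above, as an added example (not MailGuard's code and not part of the original article): it pulls link targets out of a PDF attachment, including links inside compressed streams, and flags any whose host is not a Google domain. The trusted-domain list, the sample PDF bytes, and the scheme and path used with grandvisionbg.com are constructed assumptions.

```python
import re
import zlib
from urllib.parse import urlsplit

# Assumption: domains this organisation accepts as genuine Google hosts.
TRUSTED_SUFFIXES = ("google.com",)

URI_RE = re.compile(rb"/URI\s*\(((?:\\.|[^\\)])*)\)")  # /URI (target) link action
STREAM_RE = re.compile(rb"stream\r?\n(.*?)endstream", re.S)


def pdf_layers(data):
    """Yield the raw file bytes, then every stream that inflates (FlateDecode)."""
    yield data
    for m in STREAM_RE.finditer(data):
        try:
            # decompressobj tolerates the end-of-line bytes left before 'endstream'
            yield zlib.decompressobj().decompress(m.group(1))
        except zlib.error:
            continue  # other filter or encrypted stream: not inspected here


def extract_links(data):
    """Return the sorted, de-duplicated /URI targets found in any layer."""
    found = set()
    for layer in pdf_layers(data):
        for m in URI_RE.finditer(layer):
            raw = re.sub(rb"\\(.)", rb"\1", m.group(1))  # undo \( \) \\ escapes
            found.add(raw.decode("latin-1"))
    return sorted(found)


def is_trusted(url):
    """True only if the host is a trusted domain or a subdomain of one."""
    host = (urlsplit(url).hostname or "").lower()
    return any(host == s or host.endswith("." + s) for s in TRUSTED_SUFFIXES)


def suspicious_links(data):
    return [u for u in extract_links(data) if not is_trusted(u)]


def build_sample():
    """Constructed PDF fragment: one plain link, one inside a compressed stream."""
    hidden = zlib.compress(b"<< /Subtype /Link /A << /S /URI /URI (http://grandvisionbg.com/) >> >>")
    return (b"%PDF-1.5\n1 0 obj << /A << /S /URI /URI (https://accounts.google.com/ServiceLogin) >> >> endobj\n"
            b"2 0 obj << /Filter /FlateDecode >>\nstream\n" + hidden + b"\nendstream endobj\n")


if __name__ == "__main__":
    print(suspicious_links(build_sample()))
```

The suffix check compares whole host labels, so a host that merely begins with `accounts.google.com.` and ends in another domain is still flagged.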
Why is this type of email scam dangerous?
This scam is a standard phishing attempt where cyber criminals are trying to gain access to online file sharing accounts. They are then able to view, copy and steal information stored in the victim’s online account.
Please make email users in your company aware of this new phishing scam and advise them to look out for suspicious emails purporting to be from legitimate organisations.
Keep up to date on the latest email scams by subscribing to MailGuard’s weekly update or by following us on social media.