Daniel Graziano 15 September 2015 09:56:00 AEST

Google Drive Spear Phishing Email Spam Attack

MailGuard have identified and successfully blocked a Google Drive email spear phishing scam leveraging the trust of Google users. 

Spear phishing scams prove successful as they appear to be from individuals or businesses you know and trust. A large-scale phishing email attack is currently circulating, purporting to be a ‘secure document’ distributed by compromised users.

Here is a screenshot of the type of email to watch out for:

[Screenshot: example of the phishing email]

In the example above, the email appears to originate from a sender that recipients may be expecting to hear from, or would trust enough to accept information from. Because we have blocked out all details to protect the privacy of this compromised user, we will refer to this person as ‘Bob’.

Bob has had his email address compromised, possibly through the same phishing attack as that described above. MailGuard can make the assumption that Bob received the initial spear phishing email from someone within his address book that was previously compromised by the same Google Drive invitation. Bob hasn’t just forfeited his Google account login details and left himself extremely vulnerable to identity theft – his account has also been hijacked to distribute the scam to other vulnerable victims.

Clicking the ‘click to view’ button takes you through to a phishing website which looks like a legitimate Google login screen. Notice the URL ‘globalsupplies.com.mx’ in the example below. 

[Screenshot: the phishing login screen]

Once the user opts to ‘sign in’ (entering their email address and password), they are redirected to a publicly hosted, legitimate Google Drive document. A PHP script records the details entered on a compromised web server.

As you can see in the example we have provided below, the top right of the web page offers the option for users to ‘sign in’. It is now clear that the user has not actually signed in to their Google account via the login form. They are still logged out of Google and have unknowingly given away their login credentials. 

[Screenshot: the page shown after the login form, with ‘sign in’ at the top right]

How To Avoid and Stop Phishing Attacks

  • Look at the URL. More advanced phishing scams typically do a very good job at impersonating an official URL. An educated user would be able to immediately identify this example as a scam with a quick glance at the URL.

  • Use common sense. This particular scam offers a dropdown selection of email service providers before gaining access to a secure GOOGLE document. You would never be able to sign in to a Hotmail account via a Google login page, for instance.
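The ‘look at the URL’ check above can also be automated in a mail filter. The Python below is an added example, not MailGuard's code: it flags links in a Google-branded message whose host is not google.com or a subdomain of it. The trusted-domain list, the function names and the sample message are assumptions constructed for illustration; only the host globalsupplies.com.mx comes from this article.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: registrable domains accepted as genuine Google sign-in/Drive hosts.
TRUSTED_DOMAINS = ("google.com",)

def is_trusted_host(host):
    """True only if host is a trusted domain or a subdomain of one."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)

class LinkCollector(HTMLParser):
    """Collects (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def flag_links(email_html):
    """Return (host, link text) for links in a Google-branded message that leave Google."""
    if "google" not in email_html.lower():
        return []
    parser = LinkCollector()
    parser.feed(email_html)
    # urlsplit().hostname ignores any "user@" prefix, so the real host is compared.
    hosts = ((urlsplit(href).hostname, text) for href, text in parser.links)
    return [(h, t) for h, t in hosts if h and not is_trusted_host(h)]

# Constructed sample message; only the host globalsupplies.com.mx comes from the article.
SAMPLE = """<p>Bob shared a secure document with you on Google Drive.</p>
<a href="http://globalsupplies.com.mx/">Click to view</a>
<a href="https://accounts.google.com.globalsupplies.com.mx/">Sign in</a>
<a href="https://accounts.google.com@globalsupplies.com.mx/">Sign in</a>
<a href="https://drive.google.com/">Google Drive</a>"""

if __name__ == "__main__":
    for host, text in flag_links(SAMPLE):
        print(f"suspicious: {text!r} -> {host}")
```

Matching on the end of the parsed hostname, rather than searching the URL for the string ‘google.com’, is what keeps hosts that merely contain the brand name from passing.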

Need more tips for identifying fake emails? You can find out more at our blog Don’t Click That! Your Guide To Cyber-attacks And Tips For Being Cyber Safe Within Your Business.

Educating staff and employing cloud-based email filtering and web filtering, complemented by multilayered defences including desktop antivirus, anti-malware and anti-spyware, will go a long way to mitigating the risk from a wide range of email and web-borne malware attacks.


Keep up to date on the latest email scams by subscribing to MailGuard’s weekly update or following us on social media.
