Tuesday, 10 September 2013

Google Docs Phishing Attack Puts All Your Online Data at Risk

Just over a week ago, we warned you about putting all your digital eggs in one service provider's basket. This week, the universe decided to back up our argument as cyber-scammers unleashed a large-scale phishing attack that pretended to be a "Secure Document" sent through Google Docs.  

The email reads:

Hello, A Secure Document was sent to you by your financial institute using Google Docs. Follow the link below to visit Google Docs webpage to view your Document Follow Here. The Document is said to be important. Regards. Happy Emailing, The Gmail Team 

Readers who click the link in the email are taken to a fraudulent Google login page that's actually hosted in Thailand. The page asks users to input their email address and password. Bonus: according to the fake login page, Google Docs now supports users from other email providers including Yahoo!, AOL, Hotmail, and others; so phishees can feel free to submit any email address they might have. Unfortunately, as the Sophos researchers who discovered the attack put it, filling out the form "can only end in tears."

Remember, falling for an attack like this doesn't just put your email at risk. Many services including online banking use your email address to verify your identity when you forget your password or username, so in many instances, unauthorized email access can put other data in jeopardy. Furthermore, as we previously mentioned, many users treat Google as a hub for their digital content with services like Google Docs and Google Calendar. If you have sensitive data in either of these services, you've just been compromised.

No comments:

Post a Comment