Phishing scam aimed at Google Docs, Drive users

Teri RobinsonMarch 14, 2014

Symantec has uncovered a phishing scam aimed at Google Docs and Google Drive users, according to a blog post by Nick Johnston.

Users are sent an email with the word “Documents” as the subject and told to click a link to view a document on Google Docs. They are then taken to a phony login page that mimics the one used for Google's online services. Log-in credentials are forwarded to a PHP script on a compromised server while the user is directed to a real Google Docs document. The scam is convincing, Johnston wrote, because the fake page is "hosted on Google's servers and served over SSL.”

The phony page was generated by creating a folder inside a Google Drive account, then setting it to public and uploading a file. A URL is obtained by using Google Drive's preview feature.

Teri Robinson

Vulnerability Management

‘MadMxShell’ leverages Google Ads to deploy malware via Windows backdoor

Steve ZurierApril 18, 2024

Security pros say using Windows backdoor in a malvertising campaign could expose companies to other malware attacks.

Network Security

DDoS attacks spike in first quarter

SC StaffApril 17, 2024

Fifty percent more distributed denial-of-service attacks have been launched by threat actors during the first quarter of 2024 over the same period last year, with thwarted DDoS attacks increasing by 93% year-over-year, SiliconAngle reports.

Close up the triple-lens camera on the iPhone 13 Pro Max Seirra Blue and Graphite Color on white background.

Application security

Updated LightSpy spyware targeted at South Asia

SC StaffApril 17, 2024

Security Affairs reports that attacks with an updated iteration of the LightSpy iOS spyware using the "F_Warehouse" framework have been deployed against Southern Asian targets as part of a new cyberespionage campaign.

Related Events

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news