English

‘Confidential Document’ Google Docs Phishing Scam

April 6, 20190

Outline

Email asks the recipient to click a link to view an important confidential document in Google Docs.  




Brief Analysis

The message is a scam designed to steal Google Account Login details. The link leads to a fake Google Account login page. Login details submitted on the fake page will be collected by criminals and used to hijack real Google accounts.

Example

Subject: Confidential Document

Please view the document i uploaded for you using Google docs.  Click here  just sign in with your email to view the document its very important.

Thank you.

Detailed Analysis

According to this email, an important and confidential document has been uploaded to Google Docs for the recipient to view. The recipient is invited to click a link and sign in with his or her Google account login details in order to read the message.

However, the link does not lead to a Google document, confidential or otherwise. In fact, the message is a rather crude  phishing scam  designed to trick recipients into revealing their Google account details to Internet criminals. Those who click the link will be taken to a fake Google login page as shown in the following screen shot:
Google Docs Phishing Scam
The login details submitted on the fake form will be collected by criminals and used to hijack Google accounts belonging to victims. Once armed with this information, the criminals will be able to access multiple Google services owned by the victim, including Gmail, Google Drive, Google+, Youtube and others. The criminals can then use these hijacked accounts to pose as their victims and launch  ongoing spam and scam attacks. They will also be able to access and misuse private information stored in these services.



Although it is quite an unsophisticated attempt, this scam may nevertheless trick some less experienced or unwary users into complying with instructions and logging in on the fake site. Some may be so curious to see the ‘confidential document’ that they follow the link without due forethought.

It is always safest to login to any and all of your online accounts by entering the address into your browser’s address bar rather than by clicking a link in an email.









Original Source : https://www.hoax-slayer.net/confidential-document-google-docs-phishing-scam/