We watch millions phishing μηνύματα κάθε μέρα, αλλά πρόσφατα ένα ξεχώρισε: μια εξελιγμένη απάτη με στόχο τα διαπιστευτήρια σύνδεσης των χρηστών του Google Docs και του Google Drive. Την απάτη την ανακάλυψε πρόσφατα η Symantec.
Fraud comes by e-mail, it has a simple "Documents" theme and invites the recipient to see an important document in Google Docs by clicking on the link included.
Of course, o link it doesn't go to Google Docs, but it supposedly takes you to Google, presenting a very convincing fake Google Docs login page:
The fake page is hosted on Google servers and is served through SSL, making the page even more convincing. Fraudsters have just created a public folder within a Google Drive account, uploaded a file, used the Google Drive Preview feature, and got a publicly accessible URL that they include in their messages.
This login page will look familiar to many Google users as it is now used across all of them services of Google. It mentions which service it gives access to, but that's a subtlety that many won't notice.
Αν κάποιος πατήσει το "Σύνδεση ", τα διαπιστευτήρια του χρήστη αποστέλλονται σε ένα PHP script που βρίσκεται σε έναν hacked web server.
This page then redirects to a real Google Docs document, making the whole attack very convincing. Google accounts are a valuable goal for phishers, since they can use them to access many services.