Requesting Sensitive Data Via Google Docs: Phishing Really is That Easy

Please leave your credit card number, its expiration date and security code, along with your full name and billing address in the comments section of this blog post. You’re obviously not going to do this. You know better, I know better, but there are those who don’t. So many, in fact, that scammers are not only comfortable with and willing to invest in scams no more or less complicated, but they are also confident that the scams will succeed.

Please leave your credit card number, its expiration date and security code, along with your full name and billing address in the comments section of this blog post. You’re obviously not going to do this. You know better, I know better, but there are those who don’t. So many, in fact, that scammers are not only comfortable with and willing to invest in scams no more or less complicated, but they are also confident that the scams will succeed.

Such is the case for a familiar social engineering campaign with a new twist. Securelist’s Vicente Diaz details an email-based scam in which attackers are attempting to pilfer various sensitive data simply by asking for it in a Google Doc attached to a phishing email. As has been a hallmark of traditional email-based phishing campaigns, the malicious link, which in this case leads to a Google Doc, is delivered via an email whose text is written in poorly constructed language. Diaz used an example written in Spanish.

Diaz initially thought the method was a novel one, but he quickly realized the Google Doc technique has already caught-on, in part because of the ease with which Google Docs bypass security products. Diaz notes that the method is also potent due to the seemingly legitimate appearance of Google Docs among victims.

Historically, the malicious links embedded in emails would lead to compromised websites serving malware or to domains masquerading as social media, banking, or other online login pages in order to steal credentials. However, in this case, the questionable link leads to a Google Doc, malicious only in its requests: asking for the usernames, email addresses, passwords, and dates of last access from its victims.

Diaz’s isn’t completely certain what the attackers are after, but he believes they are attempting to steal email authentication credentials.

For those of you unacquainted with how Google Docs work, recipients of a Doc input information, save it, and the updated document is automatically sent back to the Doc’s creator.

Diaz warns this is only the beginning. While Google Docs are a convenient medium for duping the unsuspecting into disclosing information they shouldn’t disclose, they are also convenient for hosting more malicious content like malware and executables.

Suggested articles

It’s Not the Trump Sex Tape, It’s a RAT

Criminals are using the end of the Trump presidency to deliver a new remote-access trojan (RAT) variant disguised as a sex video of the outgoing POTUS, researchers report.