Today we have very interesting news about something we heard some days ago and that it is not being discussed. Symantec has informed about a phishing campaign that is used by Google Drive as bait for gaining information.
The trick is really simple, but very interesting at the same time, because it is very easy to be cheated. The user receives an email with a shared document. Once the user (that is being attacked) has clicked on the link, he is automatically redirected to a fake webpage that impersonates Google Drive’s login screen.
After entering the access credentials, this information is sent to a PHP script of a web server.
The special feature of this phishing is that the fake webpage is inside Google servers and it uses SSL (Secure Sockets Layer), so that you may think the webpage is real because is very similar to the original one.
Furthermore, after sending the access credentials, you are redirected to the real Google Drive in order to be unnoticed.
How do they do this? They have created a public folder in Google Drive and they have obtained a public URL by uploading a file. Thanks to this URL, they can send fraudulent messages.
Why do they attack Google and Gmail? Because both are very interesting for this kind of attacks, since the access to these services usually means the access to many other services where we are registered or where we have an account.
So if something similar happens to you, you should be suspicious. If you are already connected to your e-mail account, why do you have to put your credentials to access to Google Drive?
We hope you find this information useful.
Translate by: Cristina Serrano