Sophisticated Google Drive phishing campaign persists
Posted on 22 May 2014.
Symantec researchers are once again warning about a sophisticated and persistent phishing campaign targeting Google users.

The victims are hit with fake emails sporting a subject line that simply says "Documents" and carry a link to the phishing page.

"This scam is more effective than the millions of phishing messages we see every day because the Google Drive phishing page is actually served over SSL from the legitimate Google Drive service itself," they warn.

The corrupted language names in the bottom right drop-down menu are not enough to alert most users to the spoofed nature of the page, as they will most likely believe that it's simply a bug - if they notice the menu at all.

"This script has the same name (performact.php) that we saw in the original Google Docs and Google Drive phishing scam, suggesting that the same group of attackers (or at least the same phishing kit) is involved," the researchers noted.

The danger is even bigger now than before. "Shortly after we published our original blog post, Google reduced prices for Google Drive significantly which surely increased the number of people at risk. Smartphones are now also being sold with premium Google Drive accounts pre-installed, making Google Drive an even more enticing phishing target," they added.

Users who enter their login credentials in this phishing page will not only have them compromised, but will also be redirected to compromised Brazilian website hosting a Trojan, and possibly get infected with malware, too.


The synergy of hackers and tools at the Black Hat Arsenal

Posted on 27 August 2014.  |  Tucked away from the glamour of the vendor booths and the large presentation rooms filled with rockstar sessions, was the Arsenal - a place where developers were able to present their security tools and grow their community.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.


Mon, Sep 1st