Sophisticated Google Drive phishing campaign persists
Posted on 22 May 2014.
Symantec researchers are once again warning about a sophisticated and persistent phishing campaign targeting Google users.

The victims are hit with fake emails sporting a subject line that simply says "Documents" and carry a link to the phishing page.

"This scam is more effective than the millions of phishing messages we see every day because the Google Drive phishing page is actually served over SSL from the legitimate Google Drive service itself," they warn.


The corrupted language names in the bottom right drop-down menu are not enough to alert most users to the spoofed nature of the page, as they will most likely believe that it's simply a bug - if they notice the menu at all.

"This script has the same name (performact.php) that we saw in the original Google Docs and Google Drive phishing scam, suggesting that the same group of attackers (or at least the same phishing kit) is involved," the researchers noted.

The danger is even bigger now than before. "Shortly after we published our original blog post, Google reduced prices for Google Drive significantly which surely increased the number of people at risk. Smartphones are now also being sold with premium Google Drive accounts pre-installed, making Google Drive an even more enticing phishing target," they added.

Users who enter their login credentials in this phishing page will not only have them compromised, but will also be redirected to compromised Brazilian website hosting a Trojan, and possibly get infected with malware, too.









Spotlight

USBdriveby: Compromising computers with a $20 microcontroller

Posted on 19 December 2014.  |  Security researcher Samy Kamkar has devised a fast and easy way to compromise an unlocked computer and open a backdoor on it: a simple and cheap ($20) pre-programmed Teensy microcontroller.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  
DON'T
MISS

Fri, Dec 19th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //