Phishing Email Alerts
Catch of the Day: Google Docs Phish
Chef’s Special: Diet Plate
Examples of clever phish that made it past my spam filters and into my Inbox, or from clients, or reliable sources on the Internet.
I would be delighted to accept suspicious phishing examples from you. Please forward your email to email@example.com.
My intention is to provide a warning, examples of current phishing scams, related articles, and education about how these scams and exploits work, and how to detect them in your own inbox. If the pictures are too small or extend off the page, double-clicking on them will open them up in a photo viewer app.
It seems that my phisher phriends must be on summer vacation, or “holiday” as they say in Europe. I have nothing in the nets this week.
Attackers are using a new technique to exploit Google Docs for phishing attacks, according to researchers at Avanan. The attackers take advantage of the fact that Google Docs automatically renders HTML code, so a Google doc can act as a landing page to direct the user to the real phishing page. The researchers describe one example in which the doc appeared to be a file share page.
“This Google Docs page may look familiar to those who share Google Docs outside of their organization,” Avanan says. “This, however, isn’t that page. It’s a custom HTML page made to look like that familiar Google Docs share page.
The attacker wants the victim to “Click here to download the document” and once the victim clicks on that link, they will be redirected to the actual malicious phishing website where their credentials will be stolen through another webpage made to look like the Google login portal.”