Issue 151 - April, 2013 (1st Edition) - Page 23
'Confidential Document' Google Docs Phishing Scam
Email asks the recipient to click a link to view an important confidential document in Google Docs.
The message is a scam designed to steal Google Account Login details.
The link leads to a fake Google Account login page. Login details submitted on the fake page will be collected by criminals and used to hijack real Google accounts.
Subject: Confidential Document
Please view the document i uploaded for you using Google docs. Click here just sign in with your email to view the document its very important.
According to this email, an important and confidential document has been uploaded to Google Docs for the recipient to view. The recipient is invited to click a link and sign in with his or her Google account login details in order to read the message.
However, the link does not lead to a Google document, confidential or otherwise. In fact, the message is a rather crude phishing scam
designed to trick recipients into revealing their Google account details to Internet criminals. Those who click the link will be taken to a fake Google login page as shown in the following screen shot:
The login details submitted on the fake form will be collected by criminals and used to hijack Google accounts belonging to victims. Once armed with this information, the criminals will be able to access multiple Google services owned by the victim, including Gmail, Google Drive, Google+, Youtube and others. The criminals can then use these hijacked accounts to pose as their victims and launch ongoing spam and scam attacks
. They will also be able to access and misuse private information stored in these services.
Although it is quite an unsophisticated attempt, this scam may nevertheless trick some less experienced or unwary users into complying with instructions and logging in on the fake site. Some may be so curious to see the "confidential document" that they follow the link without due forethought.
It is always safest to login to any and all of your online accounts by entering the address into your browser's address bar rather than by clicking a link in an email.
Last updated: March 18, 2013
First published: March 18, 2013
By Brett M. Christensen
Pages in this issue:
- Viral Facebook Message Falsely Claims that a Pictured Man is Posing as an RSPCA Officer and Stealing Dogs
- 'Bad Brit' - Nigel Farage and the Tory Party's Worst Nightmare
- Digital Pad ATM Skimming Device Warning
- UK National Lottery Scams
- Gun Owner Vehicle Tagging Hoax
- Carol's Story - Dating Scam
- Message Calls For Boycott of Starbucks For Its 'Attack on Traditional Marriage'
- Ransomware Warning
- Use Left Ear For Mobile Phone Hoax
- Bogus Warning - White Transit Van 'RH57 WSU' Trying To Steal Dogs
- Urban Legend - Couple Arrested at Airport with Dead Baby Stuffed With Drugs
- ACH Processing Service Malware Email
- Baby With Bong Protest Message
- Linda Singh - Blackberry Money for Forwarding Hoax
- Hoax - 'Punjab Rape Festival'
- Beware - 'Unsealed' Product Giveaways on Facebook
- DHL Notification Malware Email
- Fake CNN Emails About Pope Point to Malware
- Angolan Witch Spider - Giant Spider Hoax
- Bogus Health Warning - Scratch Card 'Silver Nitro Oxide' Coating Causes Skin Cancer
- March 2013 - Five Fridays, Five Saturdays, Five Sundays
- Australian Tax Refund Scam Email
- 'Confidential Document' Google Docs Phishing Scam