Gmail deactivation spam run leads to phishing forms on Google Docs

A week ago, F-Secure researchers have uncovered a number of spreadsheets with a form functionality that are apparently designed to act as phishing forms.

Today, one of these forms has been spotted being used in an active phishing spam campaign targeting Gmail users:

As you can imagine, Google isn’t really shutting down unused Gmail accounts. Despite the spoofed “From” field, a couple of mistakes and things like using the informal “thanks” instead of “thank you” can tip off many users as to the real nature of this email.

According to Sophos, those users who have been duped into following the offered link and taken to a fake “Google account verification form” will probably provide requested information (name, email, password, date of birth, etc.), since the form is hosted on Google Docs. “Google Docs = Google. The form must be genuine,” is what they are likely to think.

As always, users are advised not to follow links offered in unsolicited emails – even if they do seem to come from services they use. In general, these legitimate services will not ask their users to do so.