Sophisticated Google Drive phishing campaign persists

Symantec researchers are once again warning about a sophisticated and persistent phishing campaign targeting Google users.

The victims are hit with fake emails sporting a subject line that simply says “Documents” and carry a link to the phishing page.

“This scam is more effective than the millions of phishing messages we see every day because the Google Drive phishing page is actually served over SSL from the legitimate Google Drive service itself,” they warn.

The corrupted language names in the bottom right drop-down menu are not enough to alert most users to the spoofed nature of the page, as they will most likely believe that it’s simply a bug – if they notice the menu at all.

“This script has the same name (performact.php) that we saw in the original Google Docs and Google Drive phishing scam, suggesting that the same group of attackers (or at least the same phishing kit) is involved,” the researchers noted.

The danger is even bigger now than before. “Shortly after we published our original blog post, Google reduced prices for Google Drive significantly which surely increased the number of people at risk. Smartphones are now also being sold with premium Google Drive accounts pre-installed, making Google Drive an even more enticing phishing target,” they added.

Users who enter their login credentials in this phishing page will not only have them compromised, but will also be redirected to compromised Brazilian website hosting a Trojan, and possibly get infected with malware, too.

Don't miss