“A Secure Document was sent to you by your financial institute using Google Docs.”

A latest phishing attack type has been reported recently, which pretends to be a “Secure Document” being sent to users via Google Docs. As many organizations had started using the Google cloud and other cloud services, such phishing attacks will remain a threat.

One such email reads :

Hello,
A Secure Document was sent to you by your financial institute using Google Docs.
Follow the link below to visit Google Docs webpage to view your Document
Follow Here. The Document is said to be important.
Regards.
Happy Emailing,
The Gmail Team

image: The ‘Secure Document’ Phishing email

If an unlucky user clicks the link, he will be redirected to a phishing page hosted in Thailand. The page asks for user’s Google credentials as well as it will accept Yahoo!, Outlook.com, Hotmail, AOL or any other email account.

image: The Trap Page

Filling out this ‘page’ will finish the user’s control over his ID. The details will be sent to the compromised servers. Some people may think that even if their Gmail account has been compromised, it doesn’t have any data which could potentially affect them.

image: The Code Behind The Trap Page

[advt]But this is where the people think wrong and the cyber criminals win. Most of the time, the email is the key to unlock one’s online identity like banking passwords, cloud services, accounts with online shops, accounts with government services etc.

To avoid being a victim of such attacks, do create shortcuts in the web browsers for all sensitive services so that if one needs to access personal email, bank or other online service, they can click the favorite and save themselves from being compromised to such attacks.

Be the first to comment

Leave a Reply