Tuesday, 12 July 2011

Phishers Exploiting Google Cloud

Phishers are using Google Docs to trick users in revealing confidential information. This attack method works as follows: Phishers create forms to collect and summarize data in Google Spreadsheets and Docs. These forms, which phishers design to look as though they come from a legitimate third-party domain, such as a bank, provide places for victims to enter personal identification and log-on information.

Using built-in form functionality, phishers send email message to a list of prospective targets. The message contains a simple URL linking to the form. One giveaway that you're looking at a potential phishing form and not a trusted site is a URL that takes you to a spreadsheet.google.com address, containing the command word "formkey" at the end, follow by an equal sign and the form's randomly generated identifier link. Often the forms are protected by HTTPS, so it's difficult for organizations to intercept or inspect them.
Once a user fills out a form, his or her information is saved to the originator for easy viewing and sharing -- a detail that spammers especially enjoy.
You can find tons of phishing samples by doing an Internet search on the terms "inurl:formkey password site:spreadsheets.google.com," where the term "password" can be replaced by any term you think the phisher may include in the phishing form.

Many schools and universities use Google Docs, so these sorts of phishing attacks have disproportionately targeted the educational sector. Even if administrators wanted to block Google Docs spreadsheet forms, they can't. Their schools and businesses are often running on Google Docs, and right now it's difficult to separate the good from the bad.

No comments:

Post a Comment