An Abney Associates Tech Tips:
A particularly crafty and effective Google Drive phishing scam that was
originally spotted by Symantec researchers back in March has experienced a
resurgence here in May, but with one key difference – a page corruption that
may set off red flags for would-be victims.
The same phishers seem to be
at work here, Satnam Narang, a Symantec researcher, told SCMagazine.com in a
Thursday email correspondence, explaining that, like before, users are directed
to a phony Google Drive login page if they click on a link in an email with
“Documents” as the subject.
Credentials submitted on the phishing page are compromised,
and victims are then redirected to an actual
document hosted on Google Drive. Careful users who look at the bottom
right of the phony website, by the option to choose languages, may be tipped
off to the scam by a glaring issue.
“The options within the
language selection box at the bottom of the page are corrupted,” Narang said. A
Wednesday blog post by Nick Johnston, a Symantec researcher, contains pictures
that show how most language names are bookended by question marks.
Aside from the question mark
gaffe, the scam is particularly convincing because it uses the actual Google
Drive platform, which serves up the phishing website over SSL, according to the
post. Google did not immediately respond to an SCMagazine.com request for
comment on why phishing pages could be served up this way.
Narang said that enabling
two-step verification should help prevent unauthorized access to accounts.
“Getting user Google account
credentials opens the door to [many services, including] Gmail, Google Drive,
Google Plus [and] Google Wallet,” Narang said. “And that email can be used to
reset passwords for other services you might use.”
In another Google Drive scam
recently observed by Symantec, victims were redirected to a Brazilian website
hosting a trojan detected as ‘Trojan Horse,’ Narang added.