Phishing E-mail for Grabbing Account Login Details within Google Documents: MX Lab

According to MX Lab, security researchers have detected phishing e-mails that are designed to obtain login credentials of victims' e-mail accounts within the layout of Google Docs apparently through one request for supplying certain product.

Displaying a header "RE: Urgent Order," the malicious e-mail has its sender's address as "David Brown businessdb0@mail.com."

It (electronic mail) tells the recipient that the sender thinks while there maybe slight problem regarding unfolding the attachment wherein a product sample was requested, the latter has been decided that one Google Doc A/C be created. Now it's urged that the reader send the product immediately while the sender is prepared for making the entire payment once a mutual agreement takes place.

Following this, the e-mail requests the reader for accessing the sender's Google document site where the product is displayed. But first the user must sign in for seeing that product. And incase he doesn't own a Google/Yahoo account, he's free to use any other for the signing in exercise. The user can also e-mail or telephone the sender party soon. Additionally, he may copy alternatively click on the URL link given in the e-mail, the message states.

Significantly, according to security researchers, most end-users may find the e-mail confusing, however, it maybe perceptible to employees of businesses which trade their products over the Internet.

Meanwhile, following the web-link can lead victims onto one real Google Docs page, a trick, which possibly greatly enables to eschew anti-spam filters.

Further, as different from similar such malicious campaigns Google Docs hasn't been used to host the phishing site rather the document merely carries one web-link leading onto a shady site.

Here, victims are directed for choosing the e-mail provider (AOL, Yahoo, Google, Windows Live etc.) with which they've an account and key in personal username/password. And soon after the requested details are provided, the end-user lands on another Google Docs page which displays the fictitious product request.

Conclusively, MX Lab advises Internauts that if they receive the above kind of e-mail along with its phishing URL they must ignore it wholly. But suppose one's already victimized then he should reset all his account passwords.

Related article: Phishing Attacks, Growing in Sophistication

» SPAMfighter News - 3/21/2013