Phishers exploit Google Docs with Gmail de-activation alert

Filed Under: Data loss, Phishing, Privacy, Spam

The Gmail database is not congested, and Google is not asking users to confirm that their accounts are still active.

But, it seems that scammers are hoping that you might believe that's true, according to one of the latest phishing attacks that has been spammed across the net.

Here's what a typical email looks like:

Google Docs phishing message

Subject: De-Activation Alert!

Message body:
Dear Gmail Account User,

Due to the congestion in our Gmail database, We will be shutting down all unused accounts before on the 30th of June. You will have to re-confirm your account as soon as possible to enable us upgrade your account before the deadline date.
To confirm your account kindly fill the account verification form.

After Following the instructions in the sheet, your account will not be interrupted and will continue as normal. Thanks for your attention to this request.
[LINK]

We apologize for any inconvenience.
Thanks & Regards,
Engineer.J.Williams
Upgrade Team Controller

As the link does point to a webpage hosted somewhere on Google.com, some computer users may believe that the form they are being directed to must be genuine. However, it is actually pointing to a spreadsheet on Google Docs - pages which can be created by any Tom, Dick or Harry.

And, in this case, a "Google account verification form" is attempting to trick you into handing over personal information - such as your name, full date of birth and password.

Google Docs phishing site

The eagle-eyed might spot the spelling mistake in the form ("confrim" rather than "confirm") but you can hardly rely on the phishers making errors like that as a way of protecting yourself.

Google DocsWhy are the scammers using Google Docs to host their phishing pages?

Well, they hope that potential victims will believe it's a genuine Google resource as it is hosted at an authentic Google URL, and that rudimentary security software won't feel comfortable blocking the entire google.com domain. (Of course, good security software is smarter than this).

Users shouldn't forget that a site like Gmail knows if you have been using it recently or not - because every time you log in or send an email a record is kept somewhere inside the Googleplex.

Not that Google is likely to run out of any storage space or plan to shut down any dormant email accounts any time soon by my reckoning..

Hat-tip: Thanks to Naked Security reader Guido for sending us a tip about this scam.

, , ,

You might like

6 Responses to Phishers exploit Google Docs with Gmail de-activation alert

  1. Lisa Ann Landry · 1232 days ago

    I got a similar type message on my yahoo account - that it was going to be deactivated. Thanks for letting us know about this scam.

  2. NotHazard · 1228 days ago

    Spammers/phishers should hire an English consultant, it would probably increase the effectiveness.

  3. Mich071 · 1227 days ago

    So who really made this? Tom Dick or Harry? lol =D

  4. Mich071 · 1227 days ago

    It seems to be aimed at Americans or made by an American also. My country does not use a ZIP code nor do I think a lot of countries do. Or at least I don't think most countries call it a zip code.

  5. Derek · 1007 days ago

    Yeah users "should" know better that Gmail tracks your log in information but believe me they don't. Also users should ALWAYS ALWAYS ALWAYS know NEVER to give password to support even if they ask. A good support team knows not to ask because they can reset passwords. Not to mention almost all passwords are encrypted so what would they need your password for anyways?

  6. Another good trick if you're in doubt is to enter the wrong password. If the website accepts it as good, you know it's a phishing scam.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Graham Cluley runs his own award-winning computer security blog, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and App.net, and circle him on Google Plus for regular updates.