Secure Google Docs email results in mailbox compromise


A large-scale phishing attack has been making the rounds this week pretending to be a “Secure Document” being sent to you via Google Docs.

While those of us in the security industry might not be surprised, phishing attacks are consistently proving themselves to be one of the most effective ways to evade traditional defenses.

As many organizations move to the Google cloud, this type of phishing lure will continue to yield results for the criminals.


The email reads:

A Secure Document was sent to you by your financial institute using Google Docs.
Follow the link below to visit Google Docs webpage to view your Document
Follow Here. The Document is said to be important.
Happy Emailing,
The Gmail Team

Phishing emails aren’t exactly rare, but this one caught my eye. In addition to being a somewhat plausible lure, it is an equal opportunity exploit.

If you click the link you are presented with a phishing page hosted in Thailand.

The page not only asks for your Google credentials, it also suggests it will accept Yahoo!, Hotmail, AOL, Comcast, Verizon, or any other email account.


Of course, filling out this form can only end in tears. Your details are sent off to the compromised servers for whatever purposes these thieves desire.


You might think, “So what? My Gmail isn’t full of secrets that will destroy my nation/life/career.”

You would likely be wrong, because your email is the key to unlocking much of your online identity.

Forget your banking password? No worries, they will email you a password reset link.

Does your company utilize cloud services? Your email account is likely key to accessing these systems.

Phishing is an amazingly successful technique.

Just ask the Syrian Electronic Army, who, with little technical talent, have been able to compromise some of the most powerful media organizations in the world.

As an IT administrator, these are opportunities to educate your staff on the risks.

This might not be the most convincing of the phishes that are out there, but it is a useful tool to educate your staff.

Many organizations are using Google and other cloud service providers to provide critical IT services. At first glance this could be very believable.
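
For administrators, one mail-filtering heuristic that fits this lure, given here as an added example that is not part of the original article: flag messages that invoke Google Docs or Gmail branding while linking to a host outside Google's own domains. The domain allowlist, the function names and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string, policy
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: hosts treated as genuinely Google-operated; extend for your tenant.
GOOGLE_DOMAINS = ("google.com", "gmail.com", "googleusercontent.com")
BRAND_TERMS = re.compile(r"google docs|gmail", re.I)

class _Links(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def _is_google(host):
    # Exact match or true subdomain only; "docs.google.com.files.example" fails.
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in GOOGLE_DOMAINS)

def brand_link_mismatches(raw_message):
    """Return link hosts that are not Google's in a mail invoking Google branding."""
    msg = message_from_string(raw_message, policy=policy.default)
    part = msg.get_body(preferencelist=("html", "plain"))
    body = part.get_content() if part else ""
    if not BRAND_TERMS.search(body + " " + str(msg.get("From", ""))):
        return []
    parser = _Links()
    parser.feed(body)
    # Fall back to bare URLs when the body carries no HTML anchors.
    urls = parser.hrefs or re.findall(r"https?://[^\s\"'<>]+", body)
    hosts = {urlsplit(u).hostname for u in urls if u.lower().startswith("http")}
    return sorted(h for h in hosts if h and not _is_google(h))

# Constructed sample reusing the lure text quoted above; hosts are placeholders.
SAMPLE = """\
From: "The Gmail Team" <notice@mail.example>
To: user@corp.example
Subject: Secure Document
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<p>A Secure Document was sent to you by your financial institute using Google Docs.</p>
<p><a href="http://docs.google.com.files.example/view">Follow Here</a>.
Help: <a href="https://support.google.com/docs">support</a></p>
"""

if __name__ == "__main__":
    print(brand_link_mismatches(SAMPLE))
```

The host comparison is done on the parsed hostname rather than on the raw URL string, so a link that merely contains "google.com" somewhere in it is still reported.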

What do I do to avoid being a victim? I create shortcuts in my browser for all sensitive services.

If I need to access my email, bank or other online service, I don’t click the link; I click the favourite.