Phishing e Google Docs

Tenho recebido vários mails de phishing ("A sua password estás quase a expirar blá blá") em que pedem para aceder a uma página no Google Docs. Duas explicações:

Spammers Now Phishing via Google Docs

"In a new SecureList blog post, Kaspersky Lab researcher Vicente Diaz has described a new frontier in a relatively old online scam. Phishers, tired of building fake websites to lure victims into unintentionally giving away email addresses, passwords or even financial information are beginning to use Google Docs to siphon data from the unwary.

This approach makes it easy for spammers to bypass filters, as emails with links to a shared Google document don’t get flagged, giving the recipient the illusion that the message is legit.

Mr. Diaz writes that tricking someone into entering personal data into a sketchy Google Doc is only “the tip of the iceberg”:

Google Docs allows hosting other contents such as executable files in different formats, resulting in a very convenient and free hosting service for malicious content. As a bonus the connection is HTTPS by default, making it even more convenient for cybercriminals the use of this service.


Fonte: NakedSecurity