Categories
Computer & Network Security|Social Engineering>Phishing

Highly effective social engineering using Google Drive

Researchers at Symantec have identified an attack on Google Documents users using highly effective social engineering methods. This attack is so successful because the redirect page is hosted on Google’s servers and comes in over SSL. The criminals used Google Drive’s preview function to get public facing URL’s. The sign in page is pictured below. Take a second and see if you can spot the flaw.

 

If you were sent an email request and directed here would have missed the Sign in to continue to Google Drive? My son’s school uses Google Doc’s for students and I know he would have missed it and entered his Login credentials. The moral of this story is to be conscious of how much personal information you store in any service with this much access to your life.