Skip to main content

Google Docs Exploited in Gmail De-activation Phishing Scam

Phishing mails asking users to enter their account username and password for “verification” in order to avoid dire consequences is all too common. As anyone who knows the basic anti-phishing procedures will tell you, one of the primary things to look out for is the domain where the verification page takes you to. In all phishing attempts, this is always hosted on an outside site.

But in a recent phishing scam brought to light by security firm Sophos, phishers are attempting to overcome this precaution by using Google Docs to host their phishing forms.

Here's what the message looks like:


Subject: De-Activation Alert!

Dear Gmail Account User,

Due to the congestion in our Gmail database, We will be shutting down all unused accounts before on the 30th of June. You will have to re-confirm your account as soon as possible to enable us upgrade your account before the deadline date.

To confirm your account kindly fill the account verification form.

After Following the instructions in the sheet, your account will not be interrupted and will continue as normal. Thanks for your attention to this request.

We apologize for any inconvenience.
Thanks & Regards,
Upgrade Team Controller

If you pay close attention, there are already a few instances that should send your warning bells ringing, such as the improper capitalization of “Following” and grammatical mistake in the phrase “before on the 30th of June”. Even “Upgrade Team Controller” doesn’t sound quite right.

Assuming you missed those signs, there is still the URL to verify whether the email is legitimate. But as the link does point to a webpage hosted somewhere on, some computer users may believe that the form they are being directed to must be genuine. However, it is actually pointing to a spreadsheet on Google Docs that anybody can create.

By using Google Docs to host their form, phishers are hoping that potential victims will believe it's a genuine Google resource as it is hosted at an authentic Google URL.

As always, users shouldn't forget that no organization, be it Google or your bank, ever asks users to verify their accounts by giving them their passwords. If you receive such email you should ignore it.

[via Search Engine Journal]


Popular posts from this blog

How to Record CPU and Memory Usage Over Time in Windows?

Whenever the computer is lagging or some application is taking too long to respond, we usually fire up task manager and look under the Performance tab or under Processes to check on processor utilization or the amount of free memory available. The task manager is ideal for real-time analysis of CPU and memory utilization. It even displays a short history of CPU utilization in the form of a graph. You get a small time-window, about 30 seconds or so, depending on how large the viewing area is.

Diagram 101: Different Types of Diagrams and When To Use Them

Diagrams are a great way to visualize information and convey meaning. The problem is that there’s too many different types of diagrams, so it can be hard to know which ones you should use in any given situation. To help you out, we’ve created this diagram that lays out the 7 most common types of diagrams and when they’re best used:

How to Schedule Changes to Your Facebook Page Cover Photo

Facebook’s current layout, the so called Timeline, features a prominent, large cover photo that some people are using in a lot of different creative ways. Timeline is also available for Facebook Pages that people can use to promote their website or business or event. Although you can change the cover photo as often as you like, it’s meant to be static – something which you design and leave it for at least a few weeks or months like a redesigned website. However, there are times when you may want to change the cover photo frequently and periodically to match event dates or some special promotion that you are running or plan to run. So, here is how you can do that.