Phony Google Drive site tries to Phish multiple domains

by Phishing

I received the email below from a friend whose Gmail account had clearly been compromised (followed by an apology email from the same friend).

The email includes a link to sign into Google docs to view a “very important” document.  Clicking on the link leads to a somewhat convincing page with login options for a variety of domains/services including Gmail, Yahoo, Windows Live, AOL, and if these are not covered, then any other account.

 

Google-docs phishing email

Clicking on any of the icons pops up the grey login box shown in the screenshot below.  We define such a page as “greedy phishing” (this is an unofficial definition) as the phishers are not content with only stealing credentials to one site.

The page was stored on a compromised website (frontroom.org.uk) that continued to function as usual while the phishing page ran within the site.

Google-docs phishing email destination website

 

Go back