::Trend Micro Threat Resource Center::

01 June 2011

Phishing forms on Google Docs

Google Docs is a handy online service for creating various types of documents that are hosted by the company in its cloud and can be made accessible to the general public.

But, as it turns out, the service is not only handy for regular users, but for phishers as well.

F-Secure has unearthed a number of spreadsheets with form functionality that are apparently designed to act as phishing forms for webmail account upgrades, bug reporting, student data entry and more.

What makes these spreadsheets particularly dangerous is the fact that they are hosted on spreadsheets.google.com, and that domain has a valid SSL certificate and a prominent padlock icon before the address in the URL bar.

This detail could easily fool inexperienced users into thinking they are safe in sharing their personal and financial information.
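Because the padlock only vouches for the hosting domain, a defender has to look at what the form asks for. The following is an added example, not code from F-Secure or Google: a review heuristic that flags forms requesting secrets on a shared hosting domain. The host list, keyword pattern, sample pages and URLs are constructed assumptions.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: hosts where any user can publish a form under the provider's certificate.
USER_CONTENT_HOSTS = {"spreadsheets.google.com"}
# Assumption: label words that suggest a secret is being requested.
SENSITIVE = re.compile(r"\b(?:password|passwd|passcode|pin)\b")

class FormFieldCollector(HTMLParser):
    """Collect label text and input types from a form page."""
    def __init__(self):
        super().__init__()
        self.labels, self.input_types, self._in_label = [], [], False

    def handle_starttag(self, tag, attrs):
        if tag == "label":
            self._in_label = True
        elif tag == "input":
            self.input_types.append((dict(attrs).get("type") or "text").lower())

    def handle_endtag(self, tag):
        if tag == "label":
            self._in_label = False

    def handle_data(self, data):
        if self._in_label and data.strip():
            self.labels.append(data.strip().lower())

def assess_form(url, html):
    """Flag a form that asks for secrets on a host whose padlock says nothing about the form's author."""
    host = (urlsplit(url).hostname or "").lower()
    page = FormFieldCollector()
    page.feed(html)
    # Label text matters: a form builder may render every field as a plain text input.
    hits = [label for label in page.labels if SENSITIVE.search(label)]
    if "password" in page.input_types:
        hits.append("<input type=password>")
    shared = host in USER_CONTENT_HOSTS
    return {"host": host, "shared_host": shared, "sensitive_fields": hits,
            "flag": shared and bool(hits)}

# Constructed sample pages (not taken from the article).
UPGRADE_FORM = """<form><label>Email address</label><input type="text">
<label>Password</label><input type="text"></form>"""
SURVEY_FORM = """<form><label>Name</label><input type="text">
<label>Shipping address</label><input type="text"></form>"""

if __name__ == "__main__":
    print(assess_form("https://spreadsheets.google.com/constructed-form-1", UPGRADE_FORM))
    print(assess_form("https://spreadsheets.google.com/constructed-form-2", SURVEY_FORM))
```

A flag is a prompt for human review rather than a verdict: a genuine form that asks for a PIN on the same domain would be flagged as well.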

While digging around, the researchers have also stumbled upon a Google spreadsheet form that is the request form for a Google Voice account transfer, and they couldn't figure out if it was a phishing form or the real deal.

In the end, Google confirmed the validity of the form, but the researchers can be forgiven for thinking otherwise, since it requested the users' Google Voice number, e-mail address and secret PIN code.