Home Google Docs Host Phishing Sites

Google Docs Host Phishing Sites

The security researchers at F-Secure have discovered several phishing sites hosted on Google Docs, Google’s online office suite. This is not an uncommon occurrence, it seems. According to a new blog post on the security firm’s site, the team says “we regularly see phishing sites via Google Docs spreadsheets and hosted on spreadsheets.google.com.”

The dangerous thing about these attacks is that they’re hosted on a google.com domain, which gives these nefarious pages an air of legitimacy. One form even had the researchers themselves stumped as to whether it was phishing or not!

Because the phishing sites are on the google.com domain, they have a valid SSL (secure sockets layer) certificate. In other words, your Web browser won’t be able to warn you that you’re about to proceed to an untrustworthy, unsafe site, as many browsers do today, including Google Chrome. Instead, a click on the green icon in the address bar will confirm that “the identity of this website has been verified by Google Internet Authority.”

While researching the many examples of Docs-hosted phishing sites, the F-Secure researchers came across this form (see below), which asks for your Google Voice number, email address and the secret PIN code on your account. It appears to be a phishing site, but oddly, at least one Google employee was found to have linked to the form on online Help forums.

This stumped the researchers, who then turned to Twitter to ask their followers what they thought. Tweets Mikko H. Hypponen, F-Secure’s CRO:

“The consensus on Twitter seems to be that the weird page on google.com is a phishing site. The jury’s still out though.”

Writes one commenter on the original blog post: “I must say kudos to Google for anonymizing so well the form, there’s no way to tell who made it.” Uh-oh, Google.

As of now, it’s still unknown whether this form is a phishing attack or a real form used by Google in the past. If you want to try to figure it out on your own, the F-Secure blog post provides a link to the form. We won’t link to it ourselves, as a precaution.

Update: The following was just added to the F-Secure website:

Updated to add: We got contacted by a Google employee.

They informed us that, surprisingly, the questionable page is indeed the official Google form to request Google Voice account transfer. They also told us to remove all references to the form in this blog post. But I’m afraid we can’t do that.

Image credits: F-Secure

About ReadWrite’s Editorial Process

The ReadWrite Editorial policy involves closely monitoring the tech industry for major developments, new product launches, AI breakthroughs, video game releases and other newsworthy events. Editors assign relevant stories to staff writers or freelance contributors with expertise in each particular topic area. Before publication, articles go through a rigorous round of editing for accuracy, clarity, and to ensure adherence to ReadWrite's style guidelines.

Get the biggest tech headlines of the day delivered to your inbox

    By signing up, you agree to our Terms and Privacy Policy. Unsubscribe anytime.

    Tech News

    Explore the latest in tech with our Tech News. We cut through the noise for concise, relevant updates, keeping you informed about the rapidly evolving tech landscape with curated content that separates signal from noise.

    In-Depth Tech Stories

    Explore tech impact in In-Depth Stories. Narrative data journalism offers comprehensive analyses, revealing stories behind data. Understand industry trends for a deeper perspective on tech's intricate relationships with society.

    Expert Reviews

    Empower decisions with Expert Reviews, merging industry expertise and insightful analysis. Delve into tech intricacies, get the best deals, and stay ahead with our trustworthy guide to navigating the ever-changing tech market.