Phishers are using Google Docs to trick users into revealing confidential information. This attack method works as follows: Phishers create forms to collect and summarize data in Google Spreadsheets and Docs. These forms, which phishers design to look as though they come from a legitimate third-party domain, such as a bank, provide places for victims to enter personal identification and log-on information.
Using built-in form functionality, phishers send an email message to a list of prospective targets. The message contains a simple URL linking to the form. One giveaway that you're looking at a potential phishing form and not a trusted site is a URL that takes you to a spreadsheets.google.com address, containing the command word "formkey" at the end, followed by an equal sign and the form's randomly generated identifier link. Often the forms are protected by HTTPS, so it's difficult for organizations to intercept or inspect them.
Once a user fills out a form, his or her information is saved for the form's originator, who can easily view and share it -- a detail that spammers especially enjoy.
You can find tons of phishing samples by doing an Internet search on the terms "inurl:formkey password site:spreadsheets.google.com", where the term "password" can be replaced by any term you think the phisher may include in the phishing form.
Many schools and universities use Google Docs, so these sorts of phishing attacks have disproportionately targeted the educational sector. Even if administrators wanted to block Google Docs spreadsheet forms, they can't. Their schools and businesses are often running on Google Docs, and right now it's difficult to separate the good from the bad.
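The URL giveaway described above can be checked in the message text at the mail gateway, where the link is still visible even though the form itself is served over HTTPS. The following is an added example, not code from the original post: it flags form links for review instead of blocking them, and the lure word list, the `/viewform` path and the sample messages are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

FORM_HOST = "spreadsheets.google.com"  # host named in the post
FORM_PARAM = "formkey"                 # parameter named in the post
# Assumed lure vocabulary (not from the post); tune it for your own mail flow.
LURE_WORDS = ("password", "log-on", "login", "account", "verify")
URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.IGNORECASE)

def find_form_links(text):
    """Return every URL in text that points at a Google spreadsheet form."""
    hits = []
    for raw in URL_RE.findall(text):
        url = raw.rstrip(".,;:!?")  # drop sentence punctuation glued to the link
        parts = urlsplit(url)
        # Exact match on the parsed hostname, so the same string appearing
        # in a path or query of another site is not counted.
        if (parts.hostname or "").lower() != FORM_HOST:
            continue
        keys = {k.lower() for k in parse_qs(parts.query, keep_blank_values=True)}
        if FORM_PARAM in keys:
            hits.append(url)
    return hits

def triage(message):
    """Return (verdict, links); verdict is 'quarantine', 'review' or 'pass'."""
    links = find_form_links(message)
    if not links:
        return "pass", links
    lowered = message.lower()
    # A form link next to credential wording is the pattern the post describes;
    # a form link alone is common legitimate use, so it only gets a review.
    if any(word in lowered for word in LURE_WORDS):
        return "quarantine", links
    return "review", links

# Constructed sample messages; the form keys are placeholders.
SAMPLES = [
    "Mailbox over quota. Confirm your password here: "
    "https://spreadsheets.google.com/viewform?formkey=EXAMPLEKEY000",
    "Sign up for the bake sale: "
    "https://spreadsheets.google.com/viewform?formkey=EXAMPLEKEY111.",
    "Docs: https://example.org/help?ref=spreadsheets.google.com&formkey=1",
]

if __name__ == "__main__":
    for body in SAMPLES:
        print(triage(body))
```

Keeping the "review" verdict separate from "quarantine" reflects the point made above: legitimate forms share the same host and parameter, so the link alone cannot separate the good from the bad.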

 