Google Docs? Check One More Time…

If you go looking for Google Docs related URLs on your travels, you may run into the following site (registered through an “Offshore anonymous hosting company” in Panama):

googledocs(dot)info

Despite the name, you won’t find your documents sitting in a pile waiting to be edited. Indeed, you’ll currently see this:

Index of

If we had a magical window into the past, though – a bunch of screenshots would do it – we could see that not so long ago, the site looked like this:

Index of...

Not a lot going on at first glance, but a little bit of digging around and things quickly open out with various “Yahoo Login” and “Google Docs” pathways…

Lots of links

Will we see a fake Google login? You bet:

It reads as follows:

One account. All of Google. Sign in to continue to Gmail.

…with the obligatory login box to harvest credentials.

Elsewhere, we have a Yahoo! page:

Yahoo!...?

Admittedly, a fake Yahoo! page is a touch at odds with a URL called “Googledocs(dot)info” – but one would hope observant visitors would spot the dissonance and retreat to safety (an even easier task now, given the whole site has been pulled offline). We also saw what appears to be a dummy / template resume, and something which resembles the format credentials posted via a fake login tend to take.

As with all webmail logins, if the HTTPS / green padlock indicator has gone missing then you should refrain from handing over your password – type in the web address you know to be the real deal and navigate there manually instead.

Given how many new types of domain are frequently added to the ever-growing pile, it’s becoming quite difficult to ensure a company buys everything that sounds even a little bit like their business. Unless they have a bottomless pile of cash for both registering AND renewing domains, most will have to accept that there are only so many they can grab and aim to purchase the most likely suspects. Even then, a few little tweaks here and there can ruin their plans so they often just have to hope for the best.
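The two checks described above (a missing HTTPS indicator, and a brand name sitting on a domain the brand does not own), sketched as an added Python example that is not part of the original post. The allowlist, the function names and the sample path in the usage comment are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumed allowlist for this example: domains each brand really signs users in on.
# A production check would resolve registrable domains with the Public Suffix List.
OFFICIAL = {"google": {"google.com"}, "yahoo": {"yahoo.com"}}


def refang(url: str) -> str:
    """Undo the defanging used in write-ups, e.g. googledocs(dot)info."""
    return url.replace("(dot)", ".").replace("[.]", ".").replace("hxxp", "http")


def assess(url: str) -> list[str]:
    """Return reasons not to trust a login URL (an empty list means none found)."""
    cleaned = refang(url.strip())
    has_scheme = "://" in cleaned
    parts = urlsplit(cleaned if has_scheme else "//" + cleaned)
    host = (parts.hostname or "").lower().rstrip(".")
    reasons = []
    # Only judge the scheme when one was given; a bare hostname tells us nothing.
    # HTTPS being present does not prove legitimacy, its absence is the red flag.
    if has_scheme and parts.scheme != "https":
        reasons.append("no-https")
    for brand, domains in OFFICIAL.items():
        official = any(host == d or host.endswith("." + d) for d in domains)
        if brand in host and not official:
            # Brand name in the hostname, but the host is not under the brand's domain.
            reasons.append(f"lookalike:{brand}")
        elif brand in parts.path.lower() and not official:
            # Heuristic: a brand named only in the path of somebody else's host,
            # like a Yahoo! login page served from a Google-sounding domain.
            reasons.append(f"brand-in-path:{brand}")
    return reasons


if __name__ == "__main__":
    # The first entry is the domain from the post; the path in the second is constructed.
    for sample in ("googledocs(dot)info",
                   "http://googledocs(dot)info/yahoo/login.html",
                   "https://accounts.google.com/"):
        print(sample, "->", assess(sample) or "nothing flagged")
```

The path check is deliberately noisy: it will also flag a legitimate page that merely mentions another brand in its path, so treat its output as a prompt to look closer, not a verdict.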

On the other side of the screen, we can certainly play our part and ensure we don’t fall for fake login URLs, no matter how convincing they look.

That goes double for the unconvincing ones…

Christopher Boyd
