<<<
Monday, May 30, 2011
>>>
 
Phishing Sites Hosted on Google's Servers Posted by Mikko @ 08:45 GMT

Google Docs allows users to create documents, spreadsheets, et cetera at google.com (hosted in Google's cloud):

spreadsheets.google.com

Spreadsheets can even contain functionality, such as forms, and these can be published to the whole world.

Unfortunately, that means we regularly see phishing sites via Google Docs spreadsheets and hosted on spreadsheets.google.com.

Here are some examples:

spreadsheets.google.com

spreadsheets.google.com

spreadsheets.google.com

These are nasty attacks, as the phishing pages are hosted on the real google.com, complete with a valid SSL certificate.

spreadsheets.google.com

While researching these, we ran into this Google spreadsheet form:

spreadsheets.google.com

And for the life of us, we just can't figure out if this is phishing or if it's a valid page run by Google [see below for the answer].

Initially, the page obviously looks like phishing: it's hosted on the public spreadsheets.google.com server where anyone can host forms. And it asks for your Google Voice number, your e-mail address and the secret PIN code.

But then, you can also find that apparent Google Employees are linking to the form.

So, we can't figure it out. Can you?

Here's the URL to the form:
https://spreadsheets.google.com/viewform?formkey=cjlWRDFTWERkZEIxUzVjSmNsN0ExU1E6MA

If you can figure this one out, let us know via comments.

Updated to add: The consensus on Twitter seems to be that it's a phishing site. The jury's still out though.

spreadssheets

Updated to add: We got contacted by a Google employee.

They informed us that, surprisingly, the questionable page is indeed the official Google form to request Google Voice account transfer. They also told us to remove all references to the form in this blog post. But I'm afraid we can't do that.






<<< Vulnerability Reporting in the Age of Social Media
|
No snow! >>>