Phishers exploit Google Docs with Gmail de-activation alert

The Gmail database is not congested, and Google is not asking users to confirm that their accounts are still active.

But, it seems that scammers are hoping that you might believe that’s true, according to one of the latest phishing attacks that has been spammed across the net.

Here’s what a typical email looks like:

Google Docs phishing message

Subject: De-Activation Alert!

Message body:
Dear Gmail Account User,

Due to the congestion in our Gmail database, We will be shutting down all unused accounts before on the 30th of June. You will have to re-confirm your account as soon as possible to enable us upgrade your account before the deadline date.
To confirm your account kindly fill the account verification form.

After Following the instructions in the sheet, your account will not be interrupted and will continue as normal. Thanks for your attention to this request.
[LINK]

We apologize for any inconvenience.
Thanks & Regards,
Engineer.J.Williams
Upgrade Team Controller

As the link does point to a webpage hosted somewhere on Google.com, some computer users may believe that the form they are being directed to must be genuine. However, it is actually pointing to a spreadsheet on Google Docs – pages which can be created by any Tom, Dick or Harry.

And, in this case, a “Google account verification form” is attempting to trick you into handing over personal information – such as your name, full date of birth and password.

Google Docs phishing site

The eagle-eyed might spot the spelling mistake in the form (“confrim” rather than “confirm”) but you can hardly rely on the phishers making errors like that as a way of protecting yourself.

Google DocsWhy are the scammers using Google Docs to host their phishing pages?

Well, they hope that potential victims will believe it’s a genuine Google resource as it is hosted at an authentic Google URL, and that rudimentary security software won’t feel comfortable blocking the entire google.com domain. (Of course, good security software is smarter than this).

Users shouldn’t forget that a site like Gmail knows if you have been using it recently or not – because every time you log in or send an email a record is kept somewhere inside the Googleplex.

Not that Google is likely to run out of any storage space or plan to shut down any dormant email accounts any time soon by my reckoning..

Hat-tip: Thanks to Naked Security reader Guido for sending us a tip about this scam.