14 DAY TRIAL // Security researchers from Finnish antivirus vendor F-Secure have found phishing forms stored as spreadsheets on Google Docs, outlining yet another way in which legitimate services are being abused by cyber criminals.
The F-Secure researchers have found several such rogue spreadsheets which seem to be part of different phishing campaigns.
"Spreadsheets can even contain functionality, such as forms, and these can be published to the whole world. Unfortunately, that means we regularly see phishing sites via Google Docs spreadsheets and hosted on spreadsheets.google.com," says F-Secure's Chief Research Officer, Mikko Hypponen.
In one case, a spreadsheet titled "webmail account upgrade" contains fields for inputting webmail account credentials. In another, a form is gathering student data.
One page, claiming to be a Google Voice account transfer form, is crafted so well that not even the F-Secure researchers are sure if it's legitimate or not.
On one hand it asks for Google Voice numbers, e-mail addresses and secret PIN codes, so it looks like a phishing scam, but on the other, Google employees have linked to it on support forums.
This is not the first time when cyber criminals have abused Google Docs. The practice of storing documents with pharma spam on the popular service was quite common a year ago.
At one point their numbers became so high that Spamhaus, a renowned anti-spam outfit, added the Google Docs servers to its blacklist.
One big issue with this kind of abuse is that it leverages the site's SSL protection to lend itself more credibility. Users have been told repeatedly to make sure they are on SSL-enabled websites when inputting personal information, based on the fact that phishers don't set up digitally signed pages.
However, seeing the SSL padlock in the address bar and the fully encrypted connection with Google Docs might lead users to think that these are legitimate forms.