Spammers have always been creative, coming up with new techniques, jumping on breaking news, and adopting the latest technology, all in the name of pushing out as many e-mail messages as possible.
A recent study found they are compromised legitimate accounts on Webmail providers, such as Hotmail and Gmail. They are also taking advantage of legitimate cloud apps, according to InfoWorld’s Roger Grimes.
Many phishing scams rely on Google Docs to collect data from unsuspecting users. The attackers create forms that look as if they are part of a legitimate operation in Google Spreadsheets and Docs. Phishers can easily harvest and summarize all the data users enter in the forms. Attackers send an e-mail message with the link to the form to selected users.
Wary users can spot the form as being potentially fraudulent because the URL will begin with a spreadsheet.google.com address. The problem is, many schools and universities use Google Docs and many of the phishing attacks specifically target the educational sector. Administrators can’t unilaterally block spreadsheet forms from Google Docs because the faculty, staff and students rely on the service.
This is just another example of users and organizations alike needing to be alert and on the lookout for scams.