Security experts at Symantec have found a new phishing scheme that relies on Google Drive and is being used by attackers to steal Google Account credentials.
Most phishing-prevention advice focuses on visually checking the hyperlink to make sure the destination is safe. That is normally good advice, but it does not help against this particular attack, because the phishing page is hosted on Google Drive itself.
Symantec recently published a post warning users about the new, innovative Google Drive phishing scam. In this case the scammers sent a phishing message with the simple subject “Documents” that contained a URL pointing to a phishing page hosted on Google Drive.
In this example, the phishers made a small mistake. Toward the bottom corner of the page there is a language selection box. For an attentive user, this could be a warning sign that something is wrong. It seems the phishers have mistakenly corrupted the page, as some language labels are shown as a question mark on both sides:
“This corruption is probably because Google lists languages in their native scripts: for example, Korean is listed in a language dropdown using the native Korean alphabet of Hangul: 한국어. When phishers saved a copy of the Google login page, they likely inadvertently changed the character encoding from UTF-8 to ISO-8859-1 (Latin-1), causing this corruption in the display,” Symantec said in its blog post.
Of course, many victims might not notice this problem, as it sits inside a dropdown in the corner of the page and does not stand out. Even if a target did spot the corrupted display, they might dismiss it as a minor bug or an issue with their own computer, and proceed to log in to the phishing site, exposing their credentials to the attackers.
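The encoding mistake Symantec describes can be reproduced and checked for mechanically. The Python below is an added example, not code from Symantec or from the phishing page: the sample dropdown markup and the function names are constructed, and it assumes the page was re-saved with every character that has no ISO-8859-1 code replaced by "?".

```python
from html.parser import HTMLParser

# Constructed sample: a language dropdown as a UTF-8 page would carry it.
SAMPLE_PAGE = (
    '<select id="lang-chooser">'
    '<option value="en">English</option>'
    '<option value="fr">Français</option>'
    '<option value="ko">한국어</option>'
    '<option value="ja">日本語</option>'
    '<option value="ru">Русский</option>'
    '</select>'
)


def resave_as_latin1(page: str) -> str:
    """Simulate the lossy save: characters outside ISO-8859-1 become '?'."""
    return page.encode("iso-8859-1", errors="replace").decode("iso-8859-1")


class _OptionLabels(HTMLParser):
    """Collect (value, label) for every <option> element in a page."""

    def __init__(self):
        super().__init__()
        self.labels = []
        self._value, self._text = None, []

    def handle_starttag(self, tag, attrs):
        if tag == "option":
            self._value, self._text = dict(attrs).get("value") or "", []

    def handle_data(self, data):
        if self._value is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "option" and self._value is not None:
            self.labels.append((self._value, "".join(self._text).strip()))
            self._value = None


def corrupted_labels(page: str) -> list:
    """Return option values whose label consists only of '?' or U+FFFD."""
    parser = _OptionLabels()
    parser.feed(page)
    parser.close()
    return [value for value, label in parser.labels
            if label and set(label) <= {"?", "\ufffd", " "}]
```

Labels written in Latin script (English, Français) survive the re-save, which is why only some entries in the dropdown are affected.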
Symantec also suggests that Google users enable two-factor authentication to prevent future attacks.