Ebay - Advertisement

Tuesday, July 5, 2011

Google Docs - a great hosting for Phishing forms

Google docs is a powerful service for creating and sharing online documents such as documents, spreadsheets, presentations and forms which are stored in the cloud. Creating forms that are stored and presented in google's domain, makes this service useful for Phishers that can create phishing forms in order to steal user credentials, credit card numbers, etc. Innocent victims would trust the form due to theact that these forms are stored and presented in google's domain.

In the following images it is possible to see a POC of such attack: Step 1: The attacker creates a phishing form, using google forms in order to steal vitctims' sensitive information such as user credentials, credit card numbers etc. It is possible to see that this form is running under google's domain.This form will submit victims' credentials to google docs server.

Step 2: In the following image it is possible to see that the attacker now is able to see victim's credentials.

No comments:

Post a Comment