[nsp-sec] Google spreadsheet phish
Jon Lewis
jlewis at lewis.org
Tue Aug 2 15:33:35 EDT 2011
On Tue, 2 Aug 2011, Chris Morrow wrote:
>> This one is great:
>>
>> hxxps://spreadsheets.google.com/spreadsheet/viewform?formkey=dEdYRVhlVkJoRUpZaUFsVTVueVVkaWc6MQ
>>
>> Have clicked "report abuse" which is quite clearly displayed below the
>> content, how stupid must these people be??
>>
>
> yea.. 'it works' so the spammers/grifters keep on using these techniques? :(
The real problem is that it works, and even after reporting it (via the
Report Abuse link and/or here), it at least appears to continue to work
for some time. If so, there's nothing stopping the phishers from
continuing to use Google spreadsheets for phishing.
We're 7+ hours from the initial report to nsp-sec about the above one (and
who knows how many times Report Abuse has been clicked on it), and it's
still there.
Maybe they're locking down access to the responses long before the sheets
are taken down?
----------------------------------------------------------------------
Jon Lewis, MCP :) | I route
Senior Network Engineer | therefore you are
Atlantic Net |
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
More information about the nsp-security
mailing list