[nsp-sec] Google spreadsheet phish
Chris Morrow
morrowc at ops-netman.net
Tue Aug 2 15:42:26 EDT 2011
On 08/02/11 15:33, Jon Lewis wrote:
> On Tue, 2 Aug 2011, Chris Morrow wrote:
>
>>> This one is great:
>>>
>>> hxxps://spreadsheets.google.com/spreadsheet/viewform?formkey=dEdYRVhlVkJoRUpZaUFsVTVueVVkaWc6MQ
>>>
>>>
>>>
>>>
Have clicked "report abuse" which is quite clearly displayed below the
>>> content, how stupid must these people be??
>>>
>>
>> yea.. 'it works' so the spammers/grifters keep on using these
>> techniques? :(
>
> The real problem is that it works, and even after reporting it (via
> the Report Abuse link and/or here), it at least appears to continue
> to work for some time. If so, there's nothing stopping the phishers
> from continuing to use Google spreadsheets for phishing.
>
> We're 7+ hours from the initial report to nsp-sec about the above
> one (and who knows how many times Report Abuse has been clicked on
> it), and it's still there.
yup, we're (I at least) are attempting to get the folks behind the
'report abuse' to understand that 'time matters' for these.
>
> Maybe they're locking down access to the responses long before the
> sheets are taken down?
>
I don't know what the process is, actually.
More information about the nsp-security
mailing list