Phishers exploit Google Docs with Gmail de-activation alert

Graham Cluley
Graham Cluley @

 @grahamcluley.com
 @[email protected]

The Gmail database is not congested, and Google is not asking users to confirm that their accounts are still active.

But, it seems that scammers are hoping that you might believe that’s true, according to one of the latest phishing attacks that has been spammed across the net.

Here’s what a typical email looks like:

Google Docs phishing message

Sign up to our free newsletter.
Security news, advice, and tips.

Subject: De-Activation Alert!

Message body:
Dear Gmail Account User,

Due to the congestion in our Gmail database, We will be shutting down all unused accounts before on the 30th of June. You will have to re-confirm your account as soon as possible to enable us upgrade your account before the deadline date.
To confirm your account kindly fill the account verification form.

After Following the instructions in the sheet, your account will not be interrupted and will continue as normal. Thanks for your attention to this request.
[LINK]

We apologize for any inconvenience.
Thanks & Regards,
Engineer.J.Williams
Upgrade Team Controller

As the link does point to a webpage hosted somewhere on Google.com, some computer users may believe that the form they are being directed to must be genuine. However, it is actually pointing to a spreadsheet on Google Docs – pages which can be created by any Tom, Dick or Harry.

And, in this case, a “Google account verification form” is attempting to trick you into handing over personal information – such as your name, full date of birth and password.

Google Docs phishing site

The eagle-eyed might spot the spelling mistake in the form (“confrim” rather than “confirm”) but you can hardly rely on the phishers making errors like that as a way of protecting yourself.

Google DocsWhy are the scammers using Google Docs to host their phishing pages?

Well, they hope that potential victims will believe it’s a genuine Google resource as it is hosted at an authentic Google URL, and that rudimentary security software won’t feel comfortable blocking the entire google.com domain. (Of course, good security software is smarter than this).

Users shouldn’t forget that a site like Gmail knows if you have been using it recently or not – because every time you log in or send an email a record is kept somewhere inside the Googleplex.

Not that Google is likely to run out of any storage space or plan to shut down any dormant email accounts any time soon by my reckoning..

Hat-tip: Thanks to reader Guido for sending us a tip about this scam.

Graham Cluley
Graham Cluley

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "The AI Fix" and "Smashing Security" podcasts. Follow him on Bluesky and Mastodon, or drop him an email.

You may also like...

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.