Phishing with help from Google Docs

It’s child’s play to create a Google account, and use the Google Docs facility to host an online form. Maybe you’d want to use it to poll customers’ opinions, for instance.

But if you’re a scammer – you can equally use Google Docs to phish for passwords and sensitive information.

Here are a few email campaigns I saw spammed out today, attempting to trick users into handing over their confidential data.

In the first example, the email asks the recipient to confirm their email account details or risk having it shut down.


Phishing message

The message reads:

Confirm your e-mail account please enter your Mailbox Details by clicking the link below:
[LINK]
Failure to provide details correctly will result to immediate closure of your mailbox account from our database.

As you can see, the link points to a page on Google Docs (docs.google.com). That gives the link a false aura of legitimacy. But what the link can’t do is tell you whether the Google account holder is legitimate or up to no good.

In this case, as you’ll see if you click on the link, it’s clearly an attempt to phish information from internet users.

As the screenshot below shows, the page falsely claims that your email account will be shut down in three days, and that the only way you can resolve the situation is by entering your username and password.

Phishing page on Google Docs

Before you know it, your email account will be compromised. And if that username/password combination is being used elsewhere on the web or if – as is the case with Google – your details unlock a variety of services, then the security breach is compounded.

Here is another example of phishing via Google Docs that I encountered today. Again, it arrives in the form of a spam email.

Phishing message

The email reads as follows:

Subject: MAIL QUOTA 89.99%(VALIDATE)

Helpdesk requires you to validate your webmail.
Due to our upgrade, Protecting your webmail account is our primary concern, revalidate your e-mail by clicking [LINK] help desk.

If you do make the mistake of clicking on the link then you are taken once again to a page hosted on Google Docs (don’t be fooled by the different colour scheme).

Phishing page on Google Docs
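Because the hostname in both links is genuinely docs.google.com, a mail filter cannot lean on domain reputation; it has to look at what the message asks for. The following is an added example, not code from the original article or from Sophos: a small heuristic that flags a message only when a hosted-form link appears together with credential-lure wording like that quoted above. The form hosts, path fragments, regular expressions and sample links are assumptions made for illustration.

```python
import re
from email import message_from_string
from urllib.parse import urlparse

# Assumption: hosts and path fragments that serve user-created forms.
FORM_HOSTS = {"docs.google.com", "spreadsheets.google.com"}
FORM_PATH = re.compile(r"/forms/|/viewform", re.I)
URL = re.compile(r"https?://[^\s<>\"')]+", re.I)
# Lure wording modelled on the two messages quoted in this article.
CRED = re.compile(r"mailbox details|confirm your e-?mail|validate your (web|e-?)mail", re.I)
THREAT = re.compile(r"closure of your mailbox|mail quota|shut down", re.I)

def hosted_form_links(text):
    """Return links whose exact hostname is a form host and whose path is a form."""
    hits = []
    for raw in URL.findall(text):
        link = raw.rstrip(".,;")
        url = urlparse(link)
        if (url.hostname or "").lower() in FORM_HOSTS and FORM_PATH.search(url.path):
            hits.append(link)
    return hits

def body_text(msg):
    """Join the text/plain parts (no transfer decoding: the samples are plain 7-bit)."""
    parts = msg.walk() if msg.is_multipart() else [msg]
    return "\n".join(p.get_payload() for p in parts if p.get_content_type() == "text/plain")

def assess(raw_message):
    """Flag a message that pairs a hosted-form link with credential-lure wording."""
    msg = message_from_string(raw_message)
    text = f"{msg.get('Subject', '')}\n{body_text(msg)}"
    links = hosted_form_links(text)
    checks = (("credential-request", CRED), ("threat-or-urgency", THREAT))
    reasons = [name for name, rx in checks if rx.search(text)]
    return {"flag": bool(links) and bool(reasons), "links": links, "reasons": reasons}

# Constructed samples: wording from the article, placeholder links (the article shows [LINK]).
SAMPLE_CLOSURE = ("Subject: Confirm your e-mail account\n\n"
                  "Confirm your e-mail account please enter your Mailbox Details by clicking the link below:\n"
                  "https://docs.google.com/spreadsheet/viewform?formkey=CONSTRUCTED\n"
                  "Failure to provide details correctly will result to immediate closure of your mailbox account.\n")
SAMPLE_QUOTA = ("Subject: MAIL QUOTA 89.99%(VALIDATE)\n\n"
                "Helpdesk requires you to validate your webmail. Revalidate your e-mail by clicking "
                "https://docs.google.com/forms/d/e/CONSTRUCTED/viewform help desk.\n")
SAMPLE_SURVEY = ("Subject: Customer survey\n\n"
                 "Tell us what you think: https://docs.google.com/forms/d/e/CONSTRUCTED/viewform\n")

if __name__ == "__main__":
    for name in ("SAMPLE_CLOSURE", "SAMPLE_QUOTA", "SAMPLE_SURVEY"):
        print(name, assess(globals()[name]))
```

The ordinary survey invitation is left alone because it carries a form link but no request for account details, which is the distinction the hostname alone cannot make.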

Don’t forget, at the bottom of each Google Docs form there is a link where you can report abuse, such as phishing or offensive content.

Report abuse on Google Docs

Clicking the link should take you to a screen like this, where you can anonymously explain what your issue is with the page.

Google Docs abuse form

Sophos has reported the phishing webpages to the abuse team at Google Docs.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "The AI Fix" and "Smashing Security" podcasts. Follow him on Bluesky, Mastodon, and Threads, or drop him an email.
