The Latest in IT Security

Phishing Sites Hosted on Google’s Servers


Google Docs allows users to create documents, spreadsheets, et cetera at (hosted in Google’s cloud):

Spreadsheets can even contain functionality, such as forms, and these can be published to the whole world.

Unfortunately, that means we regularly see phishing sites via Google Docs spreadsheets and hosted on

Here are some examples:

These are nasty attacks, as the phishing pages are hosted on the real, complete with a valid SSL certificate.

While researching these, we ran into this Google spreadsheet form:

And for the life of us, we just can’t figure out if this is phishing or if it’s a valid page run by Google.

Initially, the page obviously looks like phishing: it’s hosted on the public server where anyone can host forms. And it asks for your Google Voice number, your e-mail address and the secret PIN code.

But then, you can also find that apparent Google Employees are linking to the form.

So, we can’t figure it out. Can you?

Here’s the URL to the form:

We don’t recommend using the form. But if you can figure this one out, let us know via comments.

Leave a reply


MONDAY, MARCH 19, 2018



Latest Comments

Social Networks