
Page hosting on Google Drive could be used in phishing campaigns


In Google Drive you can upload and share HTML, JS and CSS files to create small public web pages like this hangman game I made a few years ago with a classmate.

The service is useful because any user can host a page for free, but like anything else, it can become a problem when abused by malicious people. This is exactly what Juan Manuel discusses on his blog, Mvdtechnology.

Google Drive could be used to set up fake pages like the following:

The page looks like Gmail, has verified HTTPS and sits under a Google domain, so at first glance it seems completely trustworthy. However, it is a fake page set up by Juan Manuel as a proof of concept.

It has already been reported to the Google security team, who gave permission to publicize it as a warning about this type of practice. Some will say that HTML and JavaScript alone cannot steal credentials because everything happens on the client side, but it can actually be done with a workaround, for example with a simple iframe.

These pages raise the same problem as Google Drive forms (formerly called Google Docs): because they sit under a Google domain, they can easily get past anti-phishing filters and deceive users, who usually only glance at the address to judge whether they are in a safe place.

Before entering any password, look carefully at the address bar, especially when the data is requested after clicking a link. When in doubt, it is best to reach the login page by typing the address manually.
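The difference between "under the provider's domain" and "the provider's login page" can be checked mechanically. The following is an added example, not code from the original post or from Juan Manuel's proof of concept: it compares a parent-domain rule, the kind of check the filters described above rely on, with an exact-origin rule. The `brand.example` hostnames and the function names are constructed placeholders; substitute the real login origin of the service you protect.

```javascript
// ASSUMPTION: placeholder login origin and brand domain (constructed, not from the page).
const LOGIN_ORIGINS = new Set(["https://accounts.brand.example"]);
const BRAND_PARENT = "brand.example";

// Naive rule: anything under the brand's parent domain is treated as safe.
function naiveParentDomainCheck(link) {
  try {
    const host = new URL(link).hostname.toLowerCase();
    return host === BRAND_PARENT || host.endsWith("." + BRAND_PARENT);
  } catch {
    return false; // not a parseable absolute URL
  }
}

// Strict rule: scheme + host + port must equal a known login origin exactly.
function classifyLoginLink(link) {
  let url;
  try {
    url = new URL(link);
  } catch {
    return "invalid";
  }
  if (LOGIN_ORIGINS.has(url.origin)) return "login-origin";
  // Same brand domain, but user-hosted content or a non-HTTPS scheme.
  if (naiveParentDomainCheck(link)) return "brand-domain-but-not-login";
  return "unrelated";
}

// Constructed sample links (placeholders, not real URLs).
const SAMPLE_LINKS = [
  "https://accounts.brand.example/signin",
  "https://hosting.brand.example/host/EXAMPLEID/login.html",
  "http://accounts.brand.example/signin",
  "https://other.test/login",
];

// Returns one row per link so both rules can be compared side by side.
function compareRules(links) {
  return links.map((link) => ({
    link,
    naivePasses: naiveParentDomainCheck(link),
    verdict: classifyLoginLink(link),
  }));
}

console.table(compareRules(SAMPLE_LINKS));
```

Only the first sample link is classified as the login origin; the hosted page and the plain-HTTP link both pass the parent-domain rule but fail the exact-origin rule.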

Pages hosted on Google Drive all share the same structure; they differ only in an intermediate code and the final file name:

So if you end up on a page that asks for your password but starts with means that you are on a page that is not the legitimate one.

Whenever you are going to log in to any Google service, URLs must start with