I was catching up on some darkreading and, once again, there it is; THERE IS NO TRUST. This time, so called “trusted cloud services” such as Google Docs has become a candy store for phishing attackers. Although this news in-and-of-itself is interesting because it has to do with Google, but the most interesting part of it has to do with the fact that phishing tactics continues to be the trend in the darkcloud. Another words, human remains to be the weakest link.
According to researchers, there seems to be a new method that phishing attackers use to re-direct their victims to malicious phishing websites via Google Docs. Suffice to say, Google Docs has serious known vulnerabilities.
If you are interested and want to know more about this easy-to-launch-and-exploit phishing methodology, and why you should stop using Google's (easy-to-use) feature that allows for embedding an entire website in a document for sharing rich content in HTML, then read more here.
Lastly, good security starts with a clear policy. Content creation, distribution, sharing, and storage should be done in a way that it does not provoke activity that interferes with the primary mission of the organization, and any activity that violates this principle shall be disconnected immediately.
I believe THAT should be enough without boring you with the technical details, or scaring you any further.
Photo by Brett Jordan
