We got several reports ( thanks to Seren Thompson , Tahir Khan and Harry Vann ) about OAUTH phishing attacks Attack.Phishing against Google users . The phishing attack Attack.Phishing arrives , of course , as an e-mail where it appears that a user ( potentially even one on your contact list , so it looks very legitimate ) has shared a document . If you click on the link ( Open in Docs ) , you will be redirected to the OAUTH2 service on accounts.google.com , it appears as Attack.Phishing Google Docs wants full access to my Gmail as well as my contacts . Of course , this is not real Google Docs – the attacker has simply named Attack.Phishing his “ application ” Google Docs – this can be verified by clicking on the Google Docs text where the real web site behind this and developer info is shown : Obviously , once you allow access it is game over - the attacker probably uses the phishied Gmail account to further distribute Attack.Phishing phishing e-mails - we 'll see if we can get more details . So far at least the following domains are included : googledocs.g-docs.win googledocs.g-docs.pro The domains are definitely malicious – the URL leads to jsserver.info where a fake alert that the computer is infected is shown . UPDATE : There are more domains - they all just change the TLD 's for googledocs.g-docs.X or googledocs.docscloud.X . Most of them ( if not all ) appear to have been taken down ( thanks @ Jofo ) . It also appears that Google has reacted quickly and are now recognizing e-mails containing malicious ( phishing ) URL 's so the message `` Be careful with this message . Similar messages were used to steal Attack.Databreach people 's personal information . Unless you trust the sender , do n't click links or reply with personal information . '' will be shown when such an e-mail is opened .

Where there ’ s a will , there ’ s a way , and scammers are finding increasingly cunning ways to capitalise on the reach and popularity of the world ’ s global brands . This time PayPal is the target , according to Proofpoint . The company recently discovered a phishing email message which looked like Attack.Phishing a benign PayPal login , but in reality it was a “ very well crafted ” phishing webpage . The page is available in multiple languages , which makes it seem all the more legitimate and across many different regions . Behind the scenes , the phishing attack Attack.Phishing turned out to be complex and sophisticated , and Proofpoint says those are the real innovations . The phishing Attack.Phishing attempts feature embedded URLs that direct users to the fake PayPal login . This is done using a decommissioned PayPal service that allows a person to buy a gift card from a user . The phishing attack Attack.Phishing then starts with a ‘ reassuring welcome page ’ , Proofpoint says . Users are then asked to confirm the credit card information . After the phishing kit validates the card , it asks users to enter security information about the card , the link to their bank account and details and identification . Proofpoint says that the particular phishing kit shows how ‘ crimeware as a service ’ is rapidly advancing , and will become a more common technique . Proofpoint says it has notified PayPal of the phishing campaign Attack.Phishing and the findings