4

I received strange email from co-worker, asking me to click the link.

I did eventually follow the link, but thought putting in my gmail user/pass wasn't wise. What do you think? is this phishing attack? if yes where do I report it and get it taken down?

Link: www.collectablelegends.com.au/googledoc/Secure Login.html

Regarding my question, where to report it I found it here: Where to report malicious URLs, phishing, and malicious web sites?

1 Answers1

9

It's a clear phishing attempt. Either your coworker's machine is compromised, or he subscribed to some innocent-looking malicious service that sends emails on his behalf.

Once you supply your password, it's submitted via non-secure HTTP to

www.collectablelegends.com.au/googledoc/gmail.php

and then you're redirected to

https://drive.google.com/?urp=http://www.collectablelegends.com.au/googledoc/Sec&pli=1

which is nothing special. If you were already logged in to your GMail account, that URL will show you your Google Drive, and a gullible user will think that he logged in using that phishing service.

As for where to report it, it looks like you already have the answer for that. Also, it would be nice if you report this to your coworker and/or the IT department in your company.

Adi
  • 43,953
  • 16
  • 137
  • 168
  • 1
    Reporting this to the coworker might not be a good approach: as yourself have pointed out, the coworker could be the responsible for this. According to many company's policies, this should be escalated to the Fraud/InfoSec departments if the company has these departments, or escalate it to a line manager. – Lex Oct 24 '13 at 14:21
  • @Lex I disagree. I doubt the coworker is actually stupid enough to send such thing from his personal/work email. The coworker's machine is likely compromised. – Adi Oct 24 '13 at 14:36
  • understandably I can see your point; however, to quote Einstein: "Only two things are infinite, the universe and human stupidity, and I'm not sure about the former."; plus if it is company's policy, just because we assume the person could not humanly be stupid enough to do that, does not mean we can go ahead and take matters onto our own hands. Also, assuming he did not this on purpose, after being told he might try and remove the exploit/virus/Trojan himself, hampering any potential forensic investigation. – Lex Oct 24 '13 at 15:12