There is an automatic assumption that when you see a link with the google.com domain in the address that you are dealing with a safe and secure site but according to a report from security researchers at F-Secure you might want to reconsider that preception.
They have found that nestled quite comfortably at Google Docs a number of phishing sites that are extremely well done to the point that they are still unsure about one of the sites that they have found.
The problem with this is that by inserting themselves on Google Docs these phishing sites are able to by-pass your browsers normal ability to detect, and protect you, from these nasties. This is because the Google domains provide a valid SSL (secure sockets layer) certificate which the browser uses to be able to tell, and notify us, that you are on a secure site.
While researching the many examples of Docs-hosted phishing sites, the F-Secure researchers came across this form (see below), which asks for your Google Voice number, email address and the secret PIN code on your account. It appears to be a phishing site, but oddly, at least one Google employee was found to have linked to the form on online Help forums.
This stumped the researchers, who then turned to Twitter to ask their followers what they thought.Tweets Mikko H. Hypponen, F-Secure’s CRO:
“The consensus on Twitter seems to be that the weird page on google.com is a phishing site. The jury’s still out though.”
Writes one commenter on the original blog post: “I must say kudos to Google for anonymizing so well the form, there’s no way to tell who made it.” Uh-oh, Google.
Uh-oh is right.