If You Use Google Drive, You May Be Targeted For This Phishing Attack

By
Real Estate Broker/Owner with Providence Group Realty TREC# 0608931

AGENTS:

If you use Google Drive for your customers or team, be aware that a new phishing attack launched today. The base domain that is sourcing the attack is blackburnsmed (dot com). We discovered this by looking at the source code in the email we received. (See image below.)

source

This attack is sent under the guise of a highly trusted, frequent contact. It isn't the normal spammy content that is easy to spot... It appears to be a legitimate request to share content from your trusted contact's google drive. (See image below.)

phishing

When the recipient clicks on the link, it displays an innocent looking .pdf document with a download link. The branding is clever, and passes an ordinary consumer's 'sniff test'.

landing page

When the viewer clicks on the download button, it launches a .php script that directs them to log in with their email account to complete the download. (See image below.)

 

The recipeint selects the type of account to log in with, and what looks like a regular login screen appears. Account credentials are logged the moment the user logs in. :-(  

Note: This screen is the one context clue that might alert an end user to trouble... Why would google drive require login with yahoo, aol, windows, or other email accounts?

End users with google drive accounts will automatically be logged in to google drive, and may be confused about why the 'document' didn't download, or why it doesn't appear in their account. Curiosity may lead them to repeat the process using a different account credentials, which exposes yet another email account and password to the hackers.

We have reported this to Google. 

If you have fallen victim to this scam, change all of your passwords immediately.

For agents who are smarter than the average bear, we can highly recommend http://pdfmyurl.com/  as a method of pre-screening websites and embedded links without actually surfing to them on your machine. This is what we used to collect our screenshots for this post.

 

Comments (17)

JERMAINE FRANKLIN
GreenTree Real Estate Services - Jeffersonville, IN
I have Your Best Interest at Heart

Thank you for the notice. I just start using google drive in the last week or so.

Jun 06, 2014 12:07 AM
Amanda Thomas
Providence Group Realty - Plano, TX
​Broker, SRES®, BPOR, MCNE, ​Certified DRS Agent™

@Jermaine, thank you for your feedback. The source of the attack will probably change, but the packaging will probably be look similar. We are hoping to save folks some grief.

Jun 06, 2014 12:18 AM
Ed & Tracy Oliva
West USA Realty - Arizona - Fountain Hills, AZ
The Oliva Team Arizona Agents

Good Morning and thank you for this Info, keep up the good work and good luck with your business,  E

Jun 06, 2014 12:37 AM
Dee Toohey
Innovative Realty Solutions Group - Longwood, FL
Broker, ABR, AHWD, CIPS, FMS, ePro

Thanks for the warning! 

Who else is annoyed at this "crap"?  Between this and scraping our listings, it's really insane out there.  Be careful.

Jun 06, 2014 12:58 AM
Les & Sarah Oswald
Realty One Group - Eastvale, CA
Broker, Realtor and Investor

If you have a document on google drive you want to share, you just give them the url to the document. Nothing to down load and anyone can see the document as long as they have the url address. 

Jun 06, 2014 02:14 AM
Lani Stern
Toronto, ON
Your lifetime agent

Happened to me and I had nearly a hundred responses of people asking what it was and why they could not open it.

Jun 06, 2014 02:59 PM
Amanda Thomas
Providence Group Realty - Plano, TX
​Broker, SRES®, BPOR, MCNE, ​Certified DRS Agent™

@Dee, Amen!

@Sarah and Lester, good advice. I think because the email appears to come from a trusted contact (and one that probably shares docs via google drive), end users assume it is safe without really scrutinizing.

@Lani, sorry to hear about that. That's exactly what we see happening on our end.

Jun 06, 2014 10:42 PM
Travis "the SOLD man" Parker; Broker/Owner
Travis Realty - Enterprise, AL
email: Travis@theSOLDman.me / cell: 334-494-7846

I've gotten a lotta Craigslist responses wanting me to "review their offer". It's a download, so I've skipped it.  Especially, since the same wording is used on offers for different properties with different senders...

Jun 07, 2014 01:00 AM
Amanda Thomas
Providence Group Realty - Plano, TX
​Broker, SRES®, BPOR, MCNE, ​Certified DRS Agent™

@Travis - good example of another prominent phishing scam! :-)

Jun 08, 2014 12:38 AM
David Spencer
Keller Williams Northland - Kansas City, MO
Show Me real estate in Kansas City

Now you see why I do not use google.

Jun 08, 2014 09:32 AM
Amanda Thomas
Providence Group Realty - Plano, TX
​Broker, SRES®, BPOR, MCNE, ​Certified DRS Agent™

@David Spencer, google drive is not the problem. There are likely phishing scams that mimick this one that target dropbox users, skydrive users, etc... It is the gullability of consumers that gets them into trouble and causes them to fall prey to scammers.

Jun 08, 2014 09:46 PM
Stefan Winter
Real Estate in IL & NV | Owner of Real Estate Web Tech | Daily Vlogger - Las Vegas, NV
Owner - Winter Group & Real Estate Web Tech

It's amazing how many people will fall for scams of craigslist, email scams or any scam. Just last week my friend was selling a camera on craigslist and someone offered her more then she was asking to ship it to Thailand, luckly she posted it on Facebook and I advised her not to do it. 

Be smart & if you get an email from your bank, social media or any website, instead of following the link in the email, go to the banks website directly. Also always look at the URL bar and make sure it is the website it claims to be.

Jun 09, 2014 01:19 AM
Wayne Johnson
Coldwell Banker D'Ann Harper REALTORS® - San Antonio, TX
San Antonio REALTOR, San Antonio Homes For Sale

Amanda-Thanks for the heads-up. I don't use Google Drive, but I will check into http://pdfmyurl.com/ as a screening process.

Jun 11, 2014 01:45 AM
Amanda Thomas
Providence Group Realty - Plano, TX
​Broker, SRES®, BPOR, MCNE, ​Certified DRS Agent™

Hi Wayne, thanks for the feedback! Hope you write back after you try pdfmyurl. :-) 

Jun 11, 2014 11:28 AM
Bahman Davani, CM at Texas Five Star Realty, Plano, TX (214) 457-7055
Texas Five Star Realty, Plano Texas - Frisco, TX
Homes for Sale in Plano, Frisco, Prosper, Allen TX

Hi Amanda, after a while, I was checking activerain posts and I saw your great post. As usual detail and useful. Thanks for the great job and great post.

Jun 11, 2014 05:34 PM
Brian Clinger
Coldwell Banker AJS Schmidt - Cascade, MI
Brian Clinger ABR, GRI, CRS, SRES

Thank you for the alert and the pdfmyurl.com tip.

Jun 12, 2014 01:12 AM
Amanda Thomas
Providence Group Realty - Plano, TX
​Broker, SRES®, BPOR, MCNE, ​Certified DRS Agent™

Bahman!!! My favorite Texas Five Star Realty Broker in the whole world!! :-)

Hi Brian, you bet! Happy to share. :-)

Jun 12, 2014 02:04 AM

What's the reason you're reporting this blog entry?

Are you sure you want to report this blog entry as spam?