Google Docs Used in a Spam Campaign

It seems that today an old spamming technique is back from the dead with a new twist. Google docs spam is back but this time the spam is propagated via emails not the Google doc sharing feature.

Today a spam email landed in my Gmail inbox. Because usually Gmail is very good at blocking spam, I took at look at it. This spam email simply contains link to a Google docs that contains the real spam that offers you to get a free diploma as visible in the screenshot below:

Back in 2008 spammers used Google Docs to massively spam users by sharing unwanted documents with them. The documents ended-up in their Google doc home directory. For this new campaign, it seems that they are just sending regular emails with a Google doc link.

The two things I find interesting about this spam campaign is that:

1) it seems that this type of spam effectively bypass the Gmail spam filter: A couple of my friends have confirmed that they also received the same type of spams and it has landed in their Gmail inbox as well.

2) Google doc display the number of viewers so you can see people come and go as they are lured to click on the link. I saw 7 other people taking a look at the document while writing this post (see the screenshot on the right) so it is clear that this campaign is active and “successful” As you can see, the viewers widget, also says that user 9923 and 2079 have opened/closed the document but I think it is a bug (9923 users seems a lot). I also wonder what is the click-rate through the link stored in the document (that will be nice to know).

What can we do about this ? Well you can do two things: first mark the email as spam and two mark the Google doc as spam by clicking on the report abuse in the help section as visible on the screenshot below:

 

 

Thanks for reading this post. If you like it please sharing it with the world, it makes me happy :) You can follow me on Twitter @elie or on Google+

About: Elie Bursztein
I lead Google's anti-abuse research and invent new ways to protect our users against cyber-criminal activities and Internet threats. I recently redesigned Google's CAPTCHA to make it easier, and made Chrome safer and faster by implementing better cryptography. I was born in Paris, France, wear berets, and now live with my wife in Mountain View, California.
About me
Lead Google's anti-abuse research. Develop new ways to protect users and disrupt bad guys. Make Chrome safer and faster. Help keeping G+ and Gmail clean. Wear berets. Do magic tricks.
Performance
post image: 3.00407409668e-05
headers: 0.00243020057678
sidebar: 0.0277500152588
post data: 0.0704998970032
total: 0.100719928741