Last visit was: Sat Jul 05, 2014 11:56 am
It is currently Sat Jul 05, 2014 11:56 am

doc.google.com/spreadsheets scams


All times are UTC - 5 hours [ DST ]


 [ 15 posts ] 
Author Message
 PostPosted: Tue Apr 10, 2012 1:47 am   
Spammer Killing Machine
User avatar

Joined: Sun Jun 13, 2010 5:22 pm
Posts: 528
On a PhishTank mailing list, several people who evaluate potential phishing scams are expressing dismay because they suspect that Google has stopped removing phish from doc.google.com/speradsheets/ pages.

I can neither confirm nor refute the suspicions; I am only passing along the concerns in case some readers may be interested. I am aware the the situation coincides with the Easter weekend; perhaps Google's staffing level fell too low to handle the volume of complaints.


Top
 Profile  
 PostPosted: Tue Apr 10, 2012 1:31 pm   
Site Admin
User avatar

Joined: Tue May 09, 2006 9:18 am
Posts: 5022
My personal experience is that when you do the following:

- Click the link at the bottom of the offending form that says "report abuse"
- Post the form. (I do it a few times to drive the point home.)

They do shut it down. It takes at least 24 hours, but they do shut it down.

SiL


Top
 Profile  
 PostPosted: Tue Apr 10, 2012 1:58 pm   
Spammer Killing Machine
User avatar

Joined: Sun Jun 13, 2010 5:22 pm
Posts: 528
At least two people have been requesting that Google shut down the following page since 5-April or earlier.

https://docs.google.com/spreadsheet/viewform?formkey=dEhFVUdhVWpzeF9BcjNyOGl2UHJMOVE6MQ

I can easily understand why they think that the page is suspicious because it is labeled "Yahoo!© Service" and it collects Yahoo account log-in data.


Top
 Profile  
 PostPosted: Tue Apr 10, 2012 5:09 pm   
You are kiillllling-a my bizinisss!
User avatar

Joined: Tue Jun 27, 2006 2:01 am
Posts: 9227
Added my tuppence worth, for
https://docs.google.com/spreadsheet/vie ... UHJMOVE6MQ

Thanks for reporting abuse

Your abuse report has been submitted and will be processed as quickly as possible.


Where's the flash mob?


Top
 Profile WWW  
 PostPosted: Thu Apr 12, 2012 4:12 pm   
Spam Investigator
User avatar

Joined: Fri Jan 23, 2009 12:28 pm
Posts: 300
https://docs.google.com/spreadsheet/vie ... YXhma2c6MQ

This one was reported on April 3rd. Repeatedly by clicking on "Report Abuse", by a notification to Google's abuse desk from my SpamCop-report and by a suspension-requests (from 2 different e-mail accounts) to Google's abuse desk (Google Help), with the full UBE attached.

The form in Thai language collects Hotmail and Live account log-in data, and was used in a spam which was sent to over 2,500 Hotmail and Live accounts. The form itself does not mention Hotmail, but the nature off the phishing attempt was clear from the spam-message (which Google has received 9 days ago!!).
Just like in the links provided by NB and Red, passwords entered in the form are not masked.

I want to add that since about 2 weeks, Google does no longer suspend Thai ('work-from-home') scam-links, no matter how many times the "Report Abuse" link has been clicked using different IP-addresses and browsers.
I can understand that if a form contains very little information (and in Thai) that such forms may not be recognized as scam/spam-forms by Google. For that purpose Google has a report&appeal form, where one can enter - a little- extra information, at:

http://docs.google.com/support/bin/requ ... h=Continue .

When my Thai spouse had used that link just a few times, and mentioned that the scam-link had not been suspended despite several "Report Abuse"-clicks, she received mails from Ana from "Google Help" . 1st Telling my wife NOT to use that form but ONLY to report spam by clicking on "Report Abuse" (ignoring the fact that such had already been done, but without response). After the next one, my wife was informed by Ana that she was abusing the "report&abuse"-forms(??), and that because of that, Ana had marked my wife's e-mail address as "spammer", and that further reports from her would therefore not be read. :shock:

I myself have not gotten a notification that my address also is considered as spam-address, but I fear it is, because even my notifications through SpamCop-reports now are ignored. :x


Top
 Profile  
 PostPosted: Thu Apr 12, 2012 8:18 pm   
Spammer Killing Machine
User avatar

Joined: Sun Jun 13, 2010 5:22 pm
Posts: 528
Boonsiri wrote:
After the next one, my wife was informed by Ana that she was abusing the "report&abuse"-forms(??), and that because of that, Ana had marked my wife's e-mail address as "spammer", and that further reports from her would therefore not be read. :shock:

In the late 1980's, I received a similar threat from some functionary at the University of California at Berkeley because I had sent two complaints about two spam incidents within a month. (The Berkeley system had been relaying many more spam messages to me.) I then notified the head network administrator at Berkeley of the irregular performance, but I never received a reply. I don't know if my email address was really banned from Berkeley, but I probably still have my email preferences set to refuse berkeley.edu :roll:


Top
 Profile  
 PostPosted: Fri Apr 13, 2012 7:29 pm   
You are kiillllling-a my bizinisss!
User avatar

Joined: Tue Jun 27, 2006 2:01 am
Posts: 9227
Red Dwarf wrote:
Added my tuppence worth, for
https://docs.google.com/spreadsheet/vie ... UHJMOVE6MQ

Thanks for reporting abuse

Your abuse report has been submitted and will be processed as quickly as possible.


Where's the flash mob?


Call off the flash mob

We're sorry. You can't access this document because it is in violation of our Terms of Service.
Find out more about this topic at the Google Docs Help Center.


https://docs.google.com/spreadsheet/viewform?formkey=dEhMNnNmUkxzYjBfYzU2c0VnYXhma2c6MQ also reported. Tuppence more.


Top
 Profile WWW  
 PostPosted: Fri Apr 13, 2012 8:28 pm   
Spam Investigator
User avatar

Joined: Fri Jan 23, 2009 12:28 pm
Posts: 300
I hope that Red has more luck with that one, as I got the impression that Google has decided to ignore Thai scam-links.
This one - 'work-from-home' -was spammed on April 7th, and because it was not suspended despite numerous reports, it was used again in a spam from April 12th (and reported again and again):
https://docs.google.com/spreadsheet/vie ... UmREeGc6MQ


Top
 Profile  
 PostPosted: Fri Apr 13, 2012 9:00 pm   
Spammer Killing Machine
User avatar

Joined: Sun Jun 13, 2010 5:22 pm
Posts: 528
Red Dwarf wrote:
Call off the flash mob
My compliments to the flash mob.


Top
 Profile  
 PostPosted: Sat Apr 14, 2012 7:12 pm   
You are kiillllling-a my bizinisss!
User avatar

Joined: Tue Jun 27, 2006 2:01 am
Posts: 9227
Boonsiri wrote:
I hope that Red has more luck with that one, as I got the impression that Google has decided to ignore Thai scam-links.
This one - 'work-from-home' -was spammed on April 7th, and because it was not suspended despite numerous reports, it was used again in a spam from April 12th (and reported again and again):
https://docs.google.com/spreadsheet/viewform?formkey=dG84NjY1eG82a2Vnd2hBRVN2UmREeGc6MQ


The problem here is that it is not an obvious phish, requesting a password for an email address. It could be seen to be innocuous. Translation
Quote:
Welcome. We allow people to earn extra money through the Internet, simply fill out the form below. You will receive details of all jobs. To earn extra money for the real We are pleased to add more staff. To support the expansion of the company and its customer base. We are open to all interested parties. Careers for students who are looking for extra income or general staff officers and to make special. FullTime & Part Time Jobs Work from home via the Internet. It can earn income from this work is * based on the individual. System and method of work to learn from the experts of the company only. * Reserved for those who are willing and ready to start working with. The company immediately.
* Required.

Name - the extension *.

Age *.

Phone *.

A *.

City *.

Email *.

Do you want more information and to join with us at any *.

Want to join 100% seriously.
To participate in a moderate 60-80%.
To attend at least 50%.


Top
 Profile WWW  
 PostPosted: Sun Apr 15, 2012 9:25 am   
Spam Investigator
User avatar

Joined: Fri Jan 23, 2009 12:28 pm
Posts: 300
Red wrote:
Quote:
The problem here is that it is not an obvious phish, requesting a password for an email address. It could be seen to be innocuous. Translation


Yes, I am aware that the form may look innocent, as this time no minimum age of 15 and also no ridiculous high incomes - for Thai standards - are mentioned. The original spam-message had as usual of course no contact details or company name.

Moreover, though the scam-nature of the form may not be clear, it has been reported and appealed through Google's "report&abuse"-form, and should therefore have been suspended for spamming. I have seen spammed scam-forms in the past that were even less detailed than this one, but were still suspended by Google.

As mentioned earlier, it looks like Google no longer responds on ANY spam-report if the form is in Thai language. The form which obviously collects account log-in data from Hotmail (Google does have the full UBE) is after 12 days also still not suspended. Hotmail/Live did reply to me that they had taken appropriate action on that spam, but I don't know which action.


Top
 Profile  
 PostPosted: Sun Apr 15, 2012 3:12 pm   
You are kiillllling-a my bizinisss!
User avatar

Joined: Thu Mar 01, 2007 3:01 am
Posts: 5915
Technically, to be "phish," it has to spoof some known website that people would normally trust.

It sounds like this is a money mule scam. If it is reported as phish and there is no recognizable brand involved, it may not get action. It would have to be reported for some other infraction.

It is hard to prove a job scam is really fraudulent. If you can't provide evidence a host could rely on if the terminated client filed a lawsuit, they're probably not going to want to touch it.


Top
 Profile  
 PostPosted: Sun Apr 15, 2012 5:35 pm   
Spam Investigator
User avatar

Joined: Fri Jan 23, 2009 12:28 pm
Posts: 300
AlphaCentauri wrote:
...
It sounds like this is a money mule scam. If it is reported as phish and there is no recognizable brand involved, it may not get action. It would have to be reported for some other infraction.

It is hard to prove a job scam is really fraudulent. If you can't provide evidence a host could rely on if the terminated client filed a lawsuit, they're probably not going to want to touch it.

Not one of these spams looks like a money mule scam. I have not seen any form (or spam-message) of these scams that asked people if they had a bank-account, or a request to provide one.

The text of the spam-message was:
Quote:
PART TIME, FULL TIME.
We are central to market for leading companies. Online advertising to promote the search for more work with the program automatically. The work is not very easy. Can do after work. 2-3 hour after the class was just using HOTMAIL, YAHOO, FACEBOOK, WEBSITE as they begin work.
- Get / send e-mail message to a member of our guests.
- Posted by news sites.
- To send information to customers or the general membership.

Working at home via the Internet 100%.
- Male / Female age.
- A personal computer, Internet or USB available.
- A 2-3 hour time
- Seriously.
- Be yourself.
- I do not have the coaching staff before the start.

To earn:.
The idea of doing a lot of work to do as little or as much as you do not pay two times within a month.

Only for people who are really interested only. And the program. And the self only.

Previous spams were more specific, suggesting that with part-time jobs salaries of Thb 15,000 p/m could be earned, and with full-time activity even 60,000 p/m (= about 2,000 US$). In such cases the scam-nature was evident, because the average Thai earns about Thb. 9,000 p/m working 60 hours per week. Also often a fake company-name was used; a notorious one being Hy Ads.biz (also spelled as HyAds.bizz). One of these forms was never suspended though it dates from 2011-06-30:
https://spreadsheets.google.com/spreads ... NDJ1MVE6MQ

Later scam-forms from HyAds were all suspended by Google. For a short while, Google was quite responsive suspending all reported forms within about 12-24 hours. These scams than stopped using Google and abused the services from Emailmeform.com, Jotform.com, Yolasite.com and Weebly.com. All of these companies suspended the spam-links way faster than Google; EMF.com as fast as within 30 minutes of having received the spam-report. After Google started getting slower again the spams alternating used Google and 2 of the mentioned form-providers. Now Google has stopped suspending Thai links, none of the other providers is being used anymore.

I also wonder what lawsuits Google would have to fear. It is not allowed to use docs/spreadsheets.google for spam. And that all links I have mentioned were spammed is a fact that can easily be proven by the original UBE's (which I can provide).

Edit: I think I should not have mentioned the 'work-from-home'-scams in this phishing-thread, as they are rather a kind of "advance fee-"scam; not the 419-style, but scams in which one has to pay, to get a job that does not exist, or for mailing-lists that are just harvested e-mail-lists. Maybe a new thread "doc.google.com/spreadsheets scams" or just "doc.google.com/spreadsheets spam" should be created, and the posts moved there?


Top
 Profile  
 PostPosted: Tue Apr 17, 2012 3:59 pm   
Spam Investigator
User avatar

Joined: Fri Jan 23, 2009 12:28 pm
Posts: 300
All the reported spam-links I have mentioned above are now suspended by Google (except from the obsolete one from August 2011).

My thanks to the flash mob!! (and to my Indian friend from the UK, who included a link to this forum-thread in his report to GoogleHelp :) )


Top
 Profile  
 PostPosted: Wed May 02, 2012 10:46 pm   
Spammer Killing Machine
User avatar

Joined: Sun Jun 13, 2010 5:22 pm
Posts: 528
Here is a recently expressed personal opinion of an extraordinarily capable PhishTank volunteer moderator
Quote:
There are currently just over 3,000 online valid phishing sites - http://www.phishtank.com/stats.php

Google seems to be hosting about 370 of them - http://www.phishtank.com/asn_search.php ... rch=Search which is about 12%.

The oldest Google hosted phish goes back to Jun 24th 2008 - http://www.phishtank.com/phish_detail.p ... _id=465461

I've reported about 10 using the online abuse report forms but unfortunately it doesn't look like Google are going to do anything about these phishing sites.


Top
 Profile  
 [ 15 posts ] 

All times are UTC - 5 hours [ DST ]


Who is online

Users browsing this forum: Wayback machine and 0 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Jump to:  


Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group
Style originally created by Volize © 2003 • Redesigned SkyLine by MartectX © 2008