In the old days you really needed to be a bit technology-savvy to implement a good phishing scam. You needed a way of sending out emails, a web site for them to link back to that wouldn’t be blacklisted and couldn’t be traced, plus the ability to create an HTML form to capture and record the results.
These inconvenient barriers to entry have been swept away by Google Apps.
A few days back I received a phishing scam email pointing to a form hosted by Google. Within a couple of minutes of its arrival an abuse report was filed with the Google Apps team. You might expect them to deal with such matters, but this still hadn’t been actioned two days later.
If you want to have a go, the process is simple. Get a Gmail account, go to Google Docs and select “Create New…Form” on the left. You can set up a data capture form for anything you like in seconds, and call back later to see what people have entered.
Such a service is simply dangerous, and Google doesn’t appear to be taking this at all seriously. Given their “natural language technology” it shouldn’t be hard for them to spot anything looking like a phishing form, so I decided to see how easy it was and tried something blatant. This is the result:
No problem! Last time I checked, the form was still there, although I haven’t asked strangers to fill it in.