It is surprising how spammers change their mode of action over time. Many mail servers like gmail, yahoo, outlook, etc., have anti-spam filters that work very well and are able to discern between grain and straw. However, sometimes it happens that emails arrive in your inbox that shouldn’t be in your inbox. In this article I talk about google docs emails that arrive in your inbox freely.
Spam emails in your inbox
I share a curiosity that has happened to me recently. I get up in the morning and see that I have an email in my inbox. Not in the spam folder, in the official inbox of my email. You can see the mail in Fig. 1.
In that email it invites you to click on a link that directs you to a google docs document, but in the RECEIVE LETTER part, there is the address that the spammer wants you to actually visit. At the bottom come people who have been sent that same email. All those people, including me, are on spam lists that have been collected in some way by the person sending us this message.
Who sends the mail from google docs
Entering the email we see that the address that sends it is a real and true address of google docs, email@example.com , hence theanti-spam filter has not paid attention to it and let you enter my inbox.
Authentic presentation of google docs
This is a true email from google docs, someone has sent it to me and reached me via a link. If we open it we actually get to an official website of google docs. This document, Fig. 2, is a presentation, which includes a single slide in which I am invited to confirm that I am over 18 years old since it is an adult page as we will see later.
As can be seen in the upper right corner there are more than 10 people watching that presentation, people who like me have received the original email. You don’t have permission to modify this presentation because you’re not the administrator. However, if you can request access, which will obviously be denied by the spammer.
I’ve been looking for a way to report that presentation from within google docs but I haven’t found it. From the same web interface of google docs there is no way to notify the inappropriate use of a document which is still curious and clearlywrong. Yes, there is the option, from the Help tool.
Analyzing the url with online tools
Obviously it’s an email inviting me to enter a website. That website is of adult content. By scanning the page with online tools like total virus, www.virustotal.com,I find that there is an engine that detects malicious content. It can be seen in Fig 3..
The engine that has detected malicious content is Forcepoint Threatseeker. We enter that website and analyze the url in detail again.
The summary provided by this page informs us that real-time analysis of the content of the url indicates that thewebsite is compromised and contains malicious content for the visitor. They recommend that you don’t visit that url from a web browser until that content is removed.
- We could summarize what has happened in this way:
- An email sent from google docs has reached my inboxdirectly, defeating the anti-spam filter on my email server.
- The email is sent by an address, firstname.lastname@example.org,is an authentic address that google docs uses when you share a file.
- The email redirects me to a google docs presentation with a single slide, where a link to an external web page comes.
- Inappropriate use cannot be reported from the google docs web interface.
- The website to which you direct the presentation url is an adult content website.
- The website has malicious content.
Therefore, I understand that this is an email filter vulnerability that has let my inbox pass a url because it is an authentic google docs address. And google docs also doesn’t allow you to report inappropriate content.
Finally, it should be said that after a short time google tossed that document, restoring itself again the balance in the universe.