Google Docs allows users to create documents, spreadsheets, et cetera at google.com (hosted in Google's cloud):

Spreadsheets can even contain functionality, such as forms, and these can be published to the whole world.

Unfortunately, that means we regularly see phishing sites via Google Docs spreadsheets and hosted on spreadsheets.google.com.

Here are some examples:

What a stupid phishing site.

This site goes to great lengths to make sure you double-check that the URL you're on is accounts.craigslist.org.

And it isn't.

This has got to be one of the stupidest phishing attacks I've ever seen.

Nobody will ever fall for that.

Except they will.

The next time you see another post on a phishing attack and think "there's no way I'm going to fall for that", you might want to reconsider. As general users become adept at detecting a phishing attempt, the authors are changing their tactics and are taking the time to learn about the target beforehand.

We know you're not supposed to kick somebody when they're already down… but we just found a live phishing site running on one of Sony's servers.

However, this incident has nothing to do with the Sony PSN hack.

This is the official homepage of Sony Thailand:

New web filtering functionality means that we have extended Norton DNS protection beyond malicious and phishing sites to provide content filtering capability for over 55 million sites, in more than 23 different languages. Read on for a quick step by step guide to getting the protection of Norton DNS.

Facebook CEO, Mark Zuckerberg, has announced on their blog that the site will soon be offering new features and controls. The features include New Facebook Groups, a Dashboard for Applications, and the ability to Download Your Information.

#1 — Why the "new" Groups? According to Zuckerberg, people frequently tell them:

"I'd share this thing, but I don't want to bother 250 people. Or my grandmother. Or my boss."

Congratulations, you noticed the mismatch between the page contents — clearly for a bank — and its dubious URL! Another extra point if you suspected something is off in Step 1. That is because on the actual log in page, users are reminded to verify that they are at the correct URL address. Other than these two differences, both pages look identical.

1         Executive Summary

We at TrustDefender Labs have been analysing various transactional Trojans for quite a while, and lately Zeus has been at the top of the class with a massive feature-set and a massive distribution network. Why create a new Trojan if the existing ones are still highly effective?

There's an interesting Windows+mobile case today involving a ZeuS variant that steals mTANs, using a Symbian (.sis) or Blackberry (.jad) component.

Someone has been trying to pose as us again, and is sending out an e-mail that looks like this:

From: Account Support
Date: Saturday, August 28, 2010 4:33 AM
To: none
Subject: Account Alert!!!