~Toughbooktalk~

Cyber thieves are luring victims to give up personal information using legit-looking forms in Google Docs

Spammers have been exploiting cloudlike products for years to send spam -- think Hotmail or Gmail. But now they're taking greater advantage of cloud computing, employing techniques and traversing avenues we haven't seen before.Among the many cloud services being abused are Google's popular offerings, including Google Docs and Google+. Users and organizations alike need to be aware of these threats and prepare accordingly.
Phishers are using Google Docs to trick users in revealing confidential information. This attack method works as follows: Phishers create forms to collect and summarize data in Google Spreadsheets and Docs. These forms, which phishers design to look as though they come from a legitimate third-party domain, such as a bank, provide places for victims to enter personal identification and log-on information.
Using built-in form functionality, phishers send email message to a list of prospective targets. The message contains a simple URL linking to the form. One giveaway that you're looking at a potential phishing form and not a trusted site is a URL that takes you to a spreadsheet.google.com address, containing the command word "formkey" at the end, follow by an equal sign and the form's randomly generated identifier link. Often the forms are protected by HTTPS, so it's difficult for organizations to intercept or inspect them.
Many users are probably already aware of these new spamming and phishing attacks, but I bet many others aren't. Consider this your wake-up call that a new attack paradigm is out there, and vendor defenses either aren't in place yet or aren't very sophisticated. Right now, until our traditional antispam and antiphishing tools come up to date on these avenues of attack, we defenders are left with our own homegrown custom protection and end-user education.