MX Lab, http://www.mxlab.eu, has intercepted emails with a request for a product that is in fact an phishing attempt in order to get the email account login details in a Google Docs lay out.
The email comes with the subject “RE: Urgent Order” and is in this case sent from the email address “David Brown <email@example.com>”.
We understand there might be a little difficulty in opening the file which was attached for the product sample which is why we have decided to open a Google document account. Please this product is needed urgently and we are ready to transfer all payment as soon as agreement is reach between the two parties.
Please visit our google document page to view the product below. You will be required to sign in to view it, if you do not have a Google or Yahoo account you can choose “Other Email” to sign in and view it. You can call or email us as soon as possible. Also you can either click or copy the link to a URL
We do await your immediate response concerning this product.
Thanks for your response one more time.
God bless you.
Golden Packs Group of Company
4023 Park Blvd
Wildwood, New Jersey 08260
Contact No: +1 (254) 935-9787
The Google Docs URL contains the value hxxp://www.gardnersdogandcatcare.com/gd.php that redirects you to hxxp://www.onlineopportunityplus.com/gallery/wp-includes/file/googledocument/googledoc/index.htm.
However, the Google DOcs URL is also active.
In both cases, you will get the following page.
You will get a popup to fill in your email address and password when you select one of the email providers.
Afterwards, the Google Doc page will be openend with the message:
Please Check out this product and do let us know if you have it or anyone who produce it as soon as possible
Below the full content of the page.
MX Lab recommends not to open or follow Google Docs URLs when the sender can not be verified or when the message itself looks suspicious.