Posted by: David Harley | May 2, 2010

GMail phishing

Not a chain letter, but I don’t intend to confine this blog to classic chain mail: the hoax, spoof and scam landscape is a lot more complicated these days, and various kinds of nuisance and threat are more closely interwoven than you might think.

This one comes by way of Graham Cluley of Sophos (one of the few companies to maintain a hoax database, by the way – see http://www.sophos.com/security/hoaxes/ – though they focus mostly on virus hoaxes, which aren’t as common now as in the 1990s).

It describes email that claims to have been sent by the “Gmail Security Team” (yeah, right…) requiring the recipient to “verify” his account details. Of course, the email links to what looks like (but isn’t) the Gmail login page, and the site in question includes lots of other phishing pages pretending to belong to other legitimate concerns. And as Graham has just pointed out, I forgot to include a link to his full blog at http://www.sophos.com/blogs/gc/g/2010/05/02/day-gmail-phishing/: sorry, Graham!

You may wonder why your Gmail credentials are as interesting as your banking credentials, for instance. For a number of reasons.

In fact, the ways in which Gmail and other Google services can be exploited have been pretty big news in the past few weeks. See some of my recent ESET blogs for examples:

David Harley FBCS CITP CISSP
Mac Virus
Small Blue-Green World
AVIEN Chief Operations Officer
ESET Research Fellow & Director of Malware Intelligence

Also blogging at:
http://www.eset.com/blog
http://avien.net/blog/
http://smallbluegreenblog.wordpress.com/
http://blogs.securiteam.com
http://blog.isc2.org/
http://dharley.wordpress.com
http://macvirus.com
http://amtso.wordpress.com
