Posted by: David Harley | May 2, 2010

GMail phishing

Not a chain letter, but I don’t intend to confine this blog to classic chain mail: the hoax, spoof and scam landscape is a lot more complicated these days, and various kinds of nuisance and threat are more closely interwoven than you might think.

This one comes by way of Graham Cluley of Sophos (one of the few companies to maintain a hoax database, by the way – see – though they focus mostly on virus hoaxes, which aren’t as common now as in the 1990s).

It describes email that claims to have been sent by the “Gmail Security Team” (yeah, right…) requiring the recipient to “verify” his account details. Of course, the email links to what looks like (but isn’t) the Gmail login page, and the site in question includes lots of other phishing pages pretending to belong to other legitimate concerns. And as Graham has just pointed out, I forgot to include a link to his full blog at sorry, Graham!

You may wonder why your Gmail credentials are as interesting as your banking credentials, for instance. For a number of reasons.

In fact, the ways in which Gmail and other Google services can be exploited have been pretty big news in the past few weeks. See some of my recent ESET blogs for examples:

Mac Virus
Small Blue-Green World
AVIEN Chief Operations Officer
ESET Research Fellow & Director of Malware Intelligence

Also blogging at:

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.


%d bloggers like this: