iEntry 10th Anniversary RSS Archive

IT Management Begins With Security
SecurityProNews > Insider Reports > Insider > Oops, Fake Google Invites Users To Go Phishing
Search:
[ insider_reports_insider ]

Oops, Fake Google Invites Users To Go Phishing



SecurityProNews
Staff Writer
2008-12-30

SecurityProNews: Insider Reports Insider Reports RSS Feed


If scammers could spell, they'd really be dangerous, especially when Google's asleep at the wheel. The latest scam utilizes an actual Google Calendar invitation in an attempt to dupe recipients into providing their Gmail passwords and birth dates. The email comes from someone with the user name "customer varification."

Oops, Fake Google Invites Users To Go Phishing
Oops, Fake Google Invites Users To Go Phishing

The full email address is customerservice1026@gmail.com, so feel free to set up a fake account and spam them at will. And just so you know, official emails from Google generally are from google.com, e.g., customerservice@google.com, and they generally spell words correctly.

Thanks to a tipster, Sophos' Graham Cluley offers the details of this alarming phishing scheme. In their email, recipients receive a genuine Google Calendar invitation to a bogus event appearing at a glance to come from Google itself.

Once clicking through to attend the "event," recipients are greeted in part with this message:

THIS Email is from Gmail Customer Care and we are sending it to every Gmail Email User Accounts Owner for safety. we are having congestions due to the anonymous registration of Gmail accounts so we are shutting down some Gmail accounts and your account was among those to be deleted.We are sending you this email so that you can verify and let us know if you still want to use this account.

Another clue that the invite is bogus is the improper plurality of the word of "congestion."

"What's happened here," writes Cluely, "is that a scammer has created a Gmail account with the name ‘Customer Varifaction' (another spelling mistake which should have raised suspicion) and added these people as guests to an event designed to steal their credentials. Google itself has then sent the event invitation email automatically on their behalf, helpfully inserting the recipients' real names."

Savvy users won't fall for it, but all it takes is a distraction-being sick, hungover, busy, etc.-for the correspondence to seem legitimate. Keep your head about you and think about the backlash Google would have for even thinking about deleting people's email accounts. And it seems like Google should find a way to be more vigilant about people setting up customer service addresses.


About the Author:
SecurityProNews is a daily online and email publication focusing on internet security issues.

More insider_reports_insider Articles

SecurityProNews: Insider Reports Insider Reports RSS Feed

Get Your Site Submitted for Free in the World's Largest B2B Directory!

Email Address:
* URL:
*
*Indicates Mandatory Field

Terms & Conditions

iEntry Featured Services: Jayde Member Services | Forums | Freeware | Advertise with Us

Contact Us | Advertise | Newsletter Archive | Sitemap | Submit an Article | News Feeds
SecurityProNews is an iEntry, Inc.® publication - $line) { echo $line ; } ?> All Rights Reserved | Privacy Policy and Legal		 Join the WebProWorld Forums: Click Here
Virus Warnings

Subscribe to
SecurityProNews FREE!


[ more newsletters ]

Featured On:
article resources
Search Articles:
[advanced search]

WebProWorld.com
Get in-touch with industry experts and leaders
Post your site for review by expert and peers
Ask Security, IT, Development and Design questions

Free Membership: Join Now!

Visit WebProWorld.com

Titan Quest Forum
The #1 Titan Quest forum
Halo 3 Forum
The best Halo, Halo 2, Halo 3 forum
Nintendo Wii
Nintendo Wii news and views
Mac Software
The best in OS X freeware
Graphics Forum
Your source for graphic tutorials
SecurityProNews.com | Breaking eBusiness News Get Your IT Questions Answered - Click Here SecurityProNews News Feeds