Phish Using Google Calendar Again StartedAccording to the news published by heise online on December 29, 2008, cyber criminals are once again abusing Google Calendar to fulfil their phishing ambitions. According to the reports, the crime was first spotted in June 2008. Security company Sophos was originally behind the detection of this phishing scam. Sophos security researchers said that Google Calendar phishing relies on event invitations sent to Calendar users as it directs them to verify their account information or face account deletion. Victims of the attack are directed to acknowledge the invitation by authenticating their date-of-birth, username and password. The researchers comment that the invitations, which carry the full names of the users, appear to have a touch of genuineness. A portion of the current invitation says that the e-mail has been sent by Gmail Customer Care to all owners of Gmail E-mail User Accounts for security reasons. It then says that since there are too many unnamed registrations of Gmail accounts taking place, leading to congestion; therefore, some of the Gmail accounts are shutting down including the e-mail recipient. Finally, it says that the e-mail is being sent to the recipient to get his/her confirmation whether he/she still desired to use the account. Furthermore, the phishing message seems to arrive from an ID customerserviceXXXX@gmail.com where XXXX represents a 4-digit number. When users click on the given link, they are led to the actual information page of Google Calendar event that, however, contains several phrasing and grammatical mistakes in the event's description. Graham Cluley, Research Analyst at Sophos, said that in the phishing scam, a scammer seems to have created a Gmail account with the name, "Customer Varification" (a spelling error that should raise suspicion), along with adding the users' names as invitees to the event to grab their credentials. He explains that Google itself has subsequently sent the invitation, representing them and acting in an automatic fashion, helpfully adding the real name of the recipients, as reported by Sophos on December 29, 2008. Meanwhile, Gmail users have been suggested to report any phishing e-mail they receive immediately. Related article: PC-Virus of 2005 Threatening Japanese Bank Accountholders, Warns Symantec » SPAMfighter News - 1/5/2009 |    |
Dear Reader
We are happy to see you are reading our IT Security News.
We do believe, that the foundation for a good work environment starts with fast, secure and high performing computers. If you agree, then you should take a look at our Business Solutions to Spam Filter & Antivirus for even the latest version of Exchange Servers - your colleagues will appreciate it!
 |  |
