Phishers Stole E-mail Passwords of the US Officials: Google

Google has recently discontinued what it thinks to be a phishing campaign targeted at compromising e-mail from the government officials, contractors, as well as military personnel, as reported by PC World on June 2, 2011.

Google revealed details regarding the phishing campaign on Wednesday (June 1, 2011), though the phishing campaign was initially overtly unveiled by the blog Contagio malware Dump, during February 2011.

These attacks utilized particularly designed e-mail messages, crafted to give the impression as if they have come from reliable source to the victim. Victims were dispatched fake e-mail messages that seemed that they have come from some friends or associate agencies, including targets in the U.S. Department of State, the Office of the Secretary of Defense, and Defense Intelligence, as reported by Contagio malware Dump.

Contagio malware Dump highlighted that, the message is designed to seem like it has an attachment with links, such as View, Download and a name of the hypothetical attachment. On clicking, the link directs to a bogus Gmail login page for acquiring login credentials.

On acquiring access to the Gmail accounts, the scam artists then forwarded e-mail to their own addresses and gained the information they found to launch future attacks.

Google highlighted that, the campaign seems to originate from Jinan, China, but didn't share any proof substantiating that assertion.

According to a Google's blog post namely, "Ensuring your information is safe online", the objective of this attempt seems to have been to view the text or body of these users' e-mails, with the executors actually utilizing compromised passwords to modify users' forwarding and delegation settings.

Google's blog post offers an array of guidelines for keeping accounts safe. They include usage of a two-step verification process while logging in to accounts to insert an additional layer of safety to the login procedure. Besides, Gmail cautions netizens of apprehensive logins to their accounts.

Nevertheless, as for the above mentioned instance, Google stated that, it has already informed those who were affected and has also protected the accounts.

Finally, Gmail isn't the sole free e-mail service to be attacked lately. During May 2011, cybercriminals took advantage of flaw in Microsoft's rival Hotmail that enabled them to compromise private data and user contacts without cautioning. The in-the-wild attacks were exposed only after they were unveiled by third-party researchers.

Related article: Phishers Expand Their Sphere of Attacks

» SPAMfighter News - 6/11/2011