Google Subscribers Receive Fraudulent E-mails Regarding Dubious Sign-in Attempt
According to security experts, spam mails posing as messages from The Google Accounts Team have been observed that alert of one "suspicious sign-in" as they hit the inboxes of Google subscribers, thus published Help Net Security dated September 4, 2012.
Depicting a header "Suspicious sign in prevented," the spam mail, falsely dispatched from firstname.lastname@example.org, asserts that some mischievous hacker tried to gain admission into the Google Account of the e-mail receiver. Although, according to the e-mail, Google prevented the sign-in act still the recipient requires seeing the given attachment to know more about the attempted hack.
But, rather than show details like the Internet Protocol (IP) address in connection with the prevented act of logging in, the zipped archive in the attachment, craftily named Google_Accounts_Alert-6284-S44-8098.zip, in reality carries one executable viz. one of the backdoor Trojans, which enables other malware to enter and infect the victim's PC.
The Trojan reportedly has been caught in only 21 anti-virus scanners of the total 42 of VirusTotal.
Disturbingly, it's because of the above kinds of destructive spam mails, which have resulted in an increase in malware online, state the analysts of the current bulk e-mail scam. Their statement gets the backing of data that FireEye, a security company released in its "The FireEye Advanced Threat Report" that reveals a 56% rise in malicious e-mail related assaults during Q2-2012 over Q1-2012. The assaults involved electronic mails dispatched with malevolent web-links or similar attachments or both.
Consequently, Google suggests Internet users to remain cautious should such e-mails land in their mailboxes. It states that they can prevent their accounts from the clutches of sinister people by ensuring they create strong passwords as well as follow the two-way validation system. However, using common sense is paramount even with all safeguards, the Internet major states still further.
Meanwhile, Google users getting attacked with Internet scams aren't unprecedented. During April 2012, accountholders within Google's Gmail utility got attacked with a phishing scam that spoofed Gmail. The scam reportedly stole the usernames and passwords of the accountholders which were then stored inside one data repository which the phishing criminals remotely regulated.
Related article: Google’s Public Service Search: A Haven For Phishers
» SPAMfighter News - 12-09-2012