Security Researcher Intercepted Phishing Email Campaign which Aimed at Google Users
HELP NET SECURITY reported on 30th January, 2014 stating that an attempt aimed at gathering users' Google account details by a very convincing phishing email has been identified by a security researcher.
The emails entitled "Suspicious sign-in prevented" and tells the recipient that someone in the recent past used incorrect password to sign into his Google account. This sign-in attempt was prevented assuming this was a captor trying to access the account. The recipient is advised to review the details of the sign-in attempt and if he does not recognize this attempt, then someone might be attempting to access his account. The recipient is told to check the activity immediately.
Security expert highlights that the phishing notification contains the Google logo and comes from a false address which can dupe unconcerned users to believe that it was in reality sent by the search giant.
The main setback with this phishing campaign is that 'Google' actually sends these types of emails to users whenever doubtful login shots are identified.
However, cyber crooks have also been sending such fake emails over the past many years and in some cases, the bogus emails are utilized to dispense malware and to lure Internauts to phishing websites.
Security expert notes in this particular incident that Internauts are diverted to a phishing website hosted on privacy.google-settings.com which might seem legitimate at first glance but it is not held by Google.
The expert notes that it has been listed by one 'Aksnes Thomas' from Sweden whose email address is firstname.lastname@example.org.
The security expert highlights that crooks harvested behind the scene on the information entered by those who believed the ruse. If you are one of those deceived, then login to legitimate page of Google and change your password to something stretched, complex that is hard to guess, as advised by the security expert.
This particular phishing webpage has been made unavailable but that does not suggest that others will not be employed in its stead and hence the security expert advises to be always cautious for comparable phishing attacks.
» SPAMfighter News - 06-02-2014