Explore the latest news and trends  

Sign up for our weekly security newsletter

Be the first to receive important updates on security


Google’s Public Service Search: A Haven For Phishers

A scientist has rigged a security breach in Google Public Search application to conduct a misleading phishing strike giving the impression of having originated from Google's site. Cyber-terrorists have intensified their assault on the domains of Google, aiming Gmail.

The bogus access page "Gmail Plus" is an instance of a bogus website. It's a replica of the actual Google's personal domain, intended to dupe users into yielding confidential data.

A freelance scientist Farraro, stated that he had informed Google about the abuse immediately. He detected it whilst adding the lawful Google search engine to a document at job.

Eric Farraro got the page to reveal a fault in the obscure Google Public Service Search, which offered shared search pages to academe and nonprofit organizations.

Farraro successfully created a page at www.google.com/u/gplus, a website resembling Gmail access page with Javascript program to eliminate the co-branding of Google.

The forged Gmail Plus claiming to be a Gmail plus Orkut site doesn't really thieve your identity and access code. On giving identification details on the false access page a fresh page informing- "You have been assisted!", comes up with the identical login name and identification.

Google, after admitting a phishing breach on its Google Public Service Search service has dismantled it till the problem is fixed.

Google has been attacked by phishing abuse earlier also. The phishing breach in Public Search site was especially disturbing as it abused Google's actual domain, like the PayPal fault detected previously this year. Several anti-phishing precautions count on discovering fake domains.

Websense security labs in July complained that phishing attacks have become more aggressive with the introduction of Google Checkout. In the recent hit, users are presented a travestied imitation of the Gmail access page with a content declaring, "You WON $500.00!" The page informs the subscriber that the cash will be transferred to an e-Gold, StormPay, PayPal, or MoneyBookers account of his or her option. But, the subscriber must register for "Gmail Games" initially and forfeit $8.60 as admission charge. The subscriber is then guided to a real payment website situated in U.S.A., as per Websense.

Related article: Google Rectifies Gmail flaw in Three Days

» SPAMfighter News - 9/26/2006

3 simple steps to update drivers on your Windows PCSlow PC? Optimize your Slow PC with SLOW-PCfighter!Email Cluttered with Spam? Free Spam Filter!

Dear Reader

We are happy to see you are reading our IT Security News.

We do believe, that the foundation for a good work environment starts with fast, secure and high performing computers. If you agree, then you should take a look at our Business Solutions to Spam Filter & Antivirus for even the latest version of Exchange Servers - your colleagues will appreciate it!

Go back to previous page