Google’s Public Service Search: A Haven For Phishers
A scientist has rigged a security breach in Google Public Search application to conduct a misleading phishing strike giving the impression of having originated from Google's site. Cyber-terrorists have intensified their assault on the domains of Google, aiming Gmail.
The bogus access page "Gmail Plus" is an instance of a bogus website. It's a replica of the actual Google's personal domain, intended to dupe users into yielding confidential data.
A freelance scientist Farraro, stated that he had informed Google about the abuse immediately. He detected it whilst adding the lawful Google search engine to a document at job.
Eric Farraro got the page to reveal a fault in the obscure Google Public Service Search, which offered shared search pages to academe and nonprofit organizations.
The forged Gmail Plus claiming to be a Gmail plus Orkut site doesn't really thieve your identity and access code. On giving identification details on the false access page a fresh page informing- "You have been assisted!", comes up with the identical login name and identification.
Google, after admitting a phishing breach on its Google Public Service Search service has dismantled it till the problem is fixed.
Google has been attacked by phishing abuse earlier also. The phishing breach in Public Search site was especially disturbing as it abused Google's actual domain, like the PayPal fault detected previously this year. Several anti-phishing precautions count on discovering fake domains.
Websense security labs in July complained that phishing attacks have become more aggressive with the introduction of Google Checkout. In the recent hit, users are presented a travestied imitation of the Gmail access page with a content declaring, "You WON $500.00!" The page informs the subscriber that the cash will be transferred to an e-Gold, StormPay, PayPal, or MoneyBookers account of his or her option. But, the subscriber must register for "Gmail Games" initially and forfeit $8.60 as admission charge. The subscriber is then guided to a real payment website situated in U.S.A., as per Websense.
Related article: Google Rectifies Gmail flaw in Three Days
» SPAMfighter News - 26-09-2006