Google Accountholders Targeted with Fresh Phishing E-mail Scam

BitDefender the security company has just spotted one fresh phishing scam that's attacking users' Google accounts, with a number of people already being victimized. The assault has been designed fairly well so is more difficult to catch compared to conventional phishing scams.

Reportedly, the assault involves an electronic mail apparently from Google, bearing the subject "New Lockout Notice" or "Mail Notice."

The text in the fraudulent e-mail tells recipients that Google is about to freeze their A/Cs within 24-hrs as the storage quota of their e-mail hasn't been effectively increased. There's also one web-link embedded which suggests that users should follow it, labeled "INSTANT INCREASE," so they can eschew having their A/Cs shutdown.

But, on following the web-link, one Google page for logging in opens, but like any phishing assault, it mimics the real login page, while directs to enter the user's credentials. And when entered, the account gets hijacked.

Interestingly, in the new attack, end-users eventually find the 'data:' within the address bar of their Web-browser that suggests that certain data Uniform Resource Identifier (URI) system has been used, BitDefender adds.

With such data URI system, online fraudsters can insert data in-line within any section of a website in such a manner as to appear like external contents. Utilizing Base64 encoding, the system educes file contents: within the current instance, the contents are false as they're taken from the spoofed or phishing page. The contents are encoded inside the data Uniform Resource Identifier.

Now, Google Chrome does not exhibit the entire encoded string, so normal end-users fail to recognize the phishing assault targeting them, leading them to reveal personal details to the scammers.

According to specialists, scammers mostly pretend to be services dispatching notifications/announcements to Internauts through e-mail. The most favorite disguises of phishers are eBay, Facebook, financial institutions, phone services in addition to Google.

Therefore, the solution for not having the new phishing scam compromise one's account is to exercise his/her common sense i.e. to think prior to logging in. For, Google does not ever send e-mails to A/C-holders requesting account details. It doesn't also lock A/Cs because of storage problems.

» SPAMfighter News - 5/21/2014