May Day Gmail phishing

Filed Under: Google, Phishing, Spam

Mrs Clu-blog received an email yesterday purporting to come from the Gmail security team. If she had been bleary-eyed from the May Day morning festivities in Oxford then perhaps she would have clicked on the link without considering the consequences, but thankfully she thought twice.

Gmail phishing email

The email reads:

From: Gmail Security Team <access@gmail.com>
Subject: Secure Your Gmail Account

We have initiated verification on your email address.

Verifying your email address ensures that you can securely retrieve your account information if your password is lost or stolen. You must verify your email address before you can use it on Gmail services that require an email address.

To complete verification, click on the link below:

CLICK HERE TO SECURE YOUR GMAIL

For your security, please keep your email address information up-to-date.

Thank You
Gmail Team

© 2010 Google. All Rights Reserved

Of course, the email isn't really from the team at Google's Gmail service. And clicking on the link will take you a third-party site that does a pretty convincing job of displaying a webpage identical to the Gmail login screen, for the purposes of stealing usernames and passwords.

Further investigation uncovers that the website that users are directed to contains multiple phishing pages, not just those aimed at Gmail users.

, ,

You might like

About the author

Graham Cluley is an award-winning security blogger, and veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and App.net, and circle him on Google Plus for regular updates.