May Day Gmail phishing

Mrs Clu-blog received an email yesterday purporting to come from the Gmail security team. If she had been bleary-eyed from the May Day morning festivities in Oxford then perhaps she would have clicked on the link without considering the consequences, but thankfully she thought twice.

Gmail phishing email

The email reads:

From: Gmail Security Team <>
Subject: Secure Your Gmail Account

We have initiated verification on your email address.

Verifying your email address ensures that you can securely retrieve your account information if your password is lost or stolen. You must verify your email address before you can use it on Gmail services that require an email address.

To complete verification, click on the link below:


For your security, please keep your email address information up-to-date.

Thank You
Gmail Team

© 2010 Google. All Rights Reserved

Of course, the email isn’t really from the team at Google’s Gmail service. And clicking on the link will take you a third-party site that does a pretty convincing job of displaying a webpage identical to the Gmail login screen, for the purposes of stealing usernames and passwords.

Further investigation uncovers that the website that users are directed to contains multiple phishing pages, not just those aimed at Gmail users.