Mrs Clu-blog received an email yesterday purporting to come from the Gmail security team. If she had been bleary-eyed from the May Day morning festivities in Oxford then perhaps she would have clicked on the link without considering the consequences, but thankfully she thought twice.
The email reads:
From: Gmail Security Team <firstname.lastname@example.org>
Subject: Secure Your Gmail Account
We have initiated verification on your email address.
Verifying your email address ensures that you can securely retrieve your account information if your password is lost or stolen. You must verify your email address before you can use it on Gmail services that require an email address.
To complete verification, click on the link below:
CLICK HERE TO SECURE YOUR GMAIL
For your security, please keep your email address information up-to-date.
© 2010 Google. All Rights Reserved
Of course, the email isn’t really from the team at Google’s Gmail service. And clicking on the link will take you a third-party site that does a pretty convincing job of displaying a webpage identical to the Gmail login screen, for the purposes of stealing usernames and passwords.
Further investigation uncovers that the website that users are directed to contains multiple phishing pages, not just those aimed at Gmail users.