Phishing attack attempts to steal Google passwords via Red Cross website


Always be careful about the links that you click on in unsolicited emails - are they really taking you where you think they are?

That's an important lesson for all computer users to learn, and it's brought home by this email we intercepted overnight:

Phishing email

Subject: Re: Order

Message body:
Thanks for the email, i have tried to send you our company profile but its not going through, so i have decide to send it via Google Docs. all email account work with Google Docs all you need to do is to click the link below and login to view the document.

Click here to View

And get back if you will like to do business with us thanks.


So, what do you imagine happens if you click on that link?

Well, you will end up on a website looking like this:

Google phishing webpage

At first glance, you might imagine you are logging into Google Docs to see the content from the email's sender - but a closer examination of the URL bar reveals that you aren't visiting Google at all, but instead a phishing page hidden away on the Ethiopian Red Cross Society's website.

Of course, you shouldn't enter your credentials on the page - as they are likely to end up in the hands of cybercriminals. And with so many people running their lives via Google's online tools (email, calendars, and so forth) you can understand why it's becoming increasingly attractive for online criminals to steal usernames and passwords from unsuspecting users.
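The URL-bar check described above can be automated on the mail side. The following is an added example, not code from the original article or from Sophos: it flags links in a message that mentions Google but whose real hostname is not under google.com. The allow-list, the function names and the `compromised-site.example` sample message are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: domains accepted as genuine Google endpoints.
GOOGLE_SUFFIXES = ("google.com",)

# Constructed sample message (placeholder host, not the real phishing URL).
SAMPLE = ('<p>i have decide to send it via Google Docs ...</p>'
          '<a href="http://compromised-site.example/gdocs/">Click here to View</a>')


def is_google_host(url):
    """True only for https URLs whose parsed hostname is google.com or a subdomain."""
    parts = urlsplit(url)
    if parts.scheme != "https":  # a sign-in page over plain http is not trusted
        return False
    # .hostname drops any "user@" prefix, so docs.google.com@host resolves to host.
    host = (parts.hostname or "").lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in GOOGLE_SUFFIXES)


class LinkCollector(HTMLParser):
    """Collects (href, visible text) for every <a> element in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def suspicious_links(html_body):
    """Return (href, text) pairs when the message invokes Google but links elsewhere."""
    visible = re.sub(r"<[^>]+>", " ", html_body)  # crude tag strip for the brand check
    if not re.search(r"google", visible, re.I):
        return []
    collector = LinkCollector()
    collector.feed(html_body)
    return [(h, t) for h, t in collector.links if not is_google_host(h)]
```

Matching on the parsed hostname rather than on a substring is what catches lookalikes such as `docs.google.com.compromised-site.example`.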

Sophos has attempted to inform the Ethiopian Red Cross Society about the security breach on their website, and hopefully they will resolve the issue soon.

If you run a website, make sure you are doing everything to keep it as secure as possible - for both your company's sake, and that of your users. If you haven't already done so, read this informative paper by SophosLabs, "Securing websites", which covers some of the issues.


9 Responses to Phishing attack attempts to steal Google passwords via Red Cross website

  1. MikeP_UK · 952 days ago

    Yet another good reason to not trust any on-line service. I never use any 'cloud' style services and most don't actually need them. With scams like this they are clearly a risk for many.
    Don't believe anything you see on the web until you check it out carefully and never, never click on any links in emails from unknown or dubious sources.

  2. gmd · 952 days ago

    The dead giveaway that this is a dubious email is the grammar mistakes typically made by African scammers "so i have decide to send it via Google Docs. all email account work with Google Docs" decide/decided and account/accounts. I have sometimes wondered whether these kind of mistakes could be added to a junk email filter?

    • Smith · 940 days ago

      Check out and correct your grammar first before invigilating and pointing other people's..........

  3. Colin · 952 days ago

    I agree with gmd, but unfortunately, even official communications are prone to bad grammar, misspelling, lack of use of capitals, and etc. This is exacerbated by companies using the cheapest source for their communication needs or call centers, (centres if you are a Brit), so you see that not all English speaking countries use the same spelling!
    And then of course, we are all falling foul of bad spelling or grammar being acceptable, due to the increasing use of portable electronic devices!

  4. Colin · 952 days ago

    This is a good reason for setting up 2 factor authentication on your Google account. Even if somebody gets your password they can't login without having your mobile as well. I have set mine up. Don't just rely on passwords.

  5. Nigel · 952 days ago

    I do some consulting work for an organization that asked me to create content for their customer questionnaires. When I learned that they wanted to use GoogleDocs for distributing and retrieving the documents, I balked, then refused. Knowing that they have a penchant for security, I told them they'd be ill-advised to entrust their customers' information to GoogleDocs. Instead, I set up their questionnaires as encrypted (strong password), user-fillable PDF forms, distributed from their own server, and retrievable via return email attachments. It's a much better system (GoogleDocs provides very primitive document formatting options), and it's considerably less risky than GoogleDocs.

    While the particular episode covered in the article doesn't report any security breach with GoogleDocs, it points to one of the ways in which running your documents through that service can lead to mischief. As with all such "free" services, GoogleDocs really isn't free, and one of the hidden costs is greater security risks.

  6. julian · 952 days ago

    First, it doesn't look anything like Google Docs; second, there is a navigation bar at the top above the login info and the picture of acceptable services. I was looking at the code of the site and, well, let's just say it told me it was there and I clicked and it was to remax.

  7. I would more loudly applaud this article, if it was clear from the outset [as in headline] that this was involving only an Ethiopian [emphasis] Red Cross site.

    Sadly, donors to other Red Cross organizations will only read the headline, and mistakenly consider their nation's Red Cross to be somehow complicit or compromised and donate elsewhere.

    A bit more clarity on behalf of the writer would help those who genuinely help others in their time of need.

    Brian Humphrey


About the author

Graham Cluley runs his own award-winning computer security blog at, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Follow him on Twitter at @gcluley