Always be careful about the links that you click on in unsolicited emails – are they really taking you where you think they are?
That’s an important lesson for all computer users to learn, and it’s brought home by this email we intercepted overnight:
Subject: Re: Order
Thanks for the email, i have tried to send you our company profile but its not going through, so i have decide to send it via Google Docs. all email account work with Google Docs all you need to do is to click the link below and login to view the document.
Click here to View
And get back if you will like to do business with us thanks.
So, what do you imagine happens if you click on that link?
Well, you will end up on a website looking like this:
At first glance, you might imagine you are logging into Google Docs to see the content from the email’s sender – but a closer examination of the URL bar reveals that you are not visiting Google at all, but a phishing page hidden away on the Ethiopian Red Cross Society’s website.
Of course, you shouldn’t enter your credentials on the page – as they are likely to end up in the hands of cybercriminals. And with so many people running their lives via Google’s online tools (email, calendars, and so forth) you can understand why it’s becoming increasingly attractive for online criminals to steal usernames and passwords from unsuspecting users.
Sophos has attempted to inform the Ethiopian Red Cross Society about the security breach on their website, and hopefully they will resolve the issue soon.
If you run a website, make sure you are doing everything you can to keep it as secure as possible – for both your company’s sake, and that of your users. If you haven’t already done so, read this informative paper by SophosLabs, “Securing websites”, which covers some of the issues.
9 comments on “Phishing attack attempts to steal Google passwords via Red Cross website”
Yet another good reason to not trust any on-line service. I never use any 'cloud' style services and most don't actually need them. With scams like this they are clearly a risk for many.
Don't believe anything you see on the web until you check it out carefully and never, never click on any links in emails from unknown or dubious sources.
The dead giveaway that this is a dubious email is the grammar mistakes typically made by African scammers “so i have decide to send it via Google Docs. all email account work with Google Docs” decide/decided and account/accounts. I have sometimes wondered whether these kind of mistakes could be added to a junk email filter?
Check out and correct your grammar first before invigilating and pointing other people's……….
I agree with gmd, but unfortunately, even official communications are prone to bad grammar, misspelling, lack of use of capitals, and etc. This is exacerbated by companies using the cheapest source for their communication needs or call centers, (centres if you are a Brit), so you see that not all English speaking countries use the same spelling!
And then of course, we are all falling foul of bad spelling or grammar being acceptable, due to the increasing use of portable electronic devices!
This is a good reason for setting up 2 factor authentication on your Google account. Even if somebody gets your password they can't login without having your mobile as well. I have set mine up. Don't just rely on passwords.
I do some consulting work for an organization that asked me to create content for their customer questionnaires. When I learned that they wanted to use GoogleDocs for distributing and retrieving the documents, I balked, then refused. Knowing that they have a penchant for security, I told them they'd be ill-advised to entrust their customers' information to GoogleDocs. Instead, I set up their questionnaires as encrypted (strong password), user-fillable PDF forms, distributed from their own server, and retrievable via return email attachments. It's a much better system (GoogleDocs provides very primitive document formatting options), and it's considerably less risky than GoogleDocs.
While the particular episode covered in the article doesn't report any security breach with GoogleDocs, it points to one of the ways in which running your documents through that service can lead to mischief. As with all such "free" services, GoogleDocs really isn't free, and one of the hidden costs is greater security risks.
First, it doesn't look anything like Google Docs; second, there is a navigation bar at the top above the login info and the picture of acceptable services. I was looking at the code of the site and, well, let's just say it told me it was there and I clicked and it was to remax.
I would more loudly applaud this article, if it was clear from the outset [as in headline] that this was involving only an Ethiopian [emphasis] Red Cross site.
Sadly, donors to other Red Cross organizations will only read the headline, and mistakenly consider their nation's Red Cross to be somehow complicit or compromised and donate elsewhere.
A bit more clarity on behalf of the writer would help those who genuinely help others in their time of need.