Phishing attack attempts to steal Google passwords via Red Cross website

Phishing for Google passwords

Always be careful about the links that you click on in unsolicited emails – are they really taking you where you think they’re taking you to?

That’s an important lesson for all computer users to learn, and it’s brought home by this email we intercepted overnight:

Phishing email

Subject: Re: Order

Message body:
Thanks for the email, i have tried to send you our company profile but its not going through, so i have decide to send it via Google Docs. all email account work with Google Docs all you need to do is to click the link below and login to view the document.

Click here to View

And get back if you will like to do business with us thanks.


So, what do you imagine happens if you click on that link?

Well, you will end up on a website looking like this:

Google phishing webpage

At first glance, you might imagine you are logging into Google Docs to see the content from the email’s sender – but a closer examination of the URL bar reveals that this isn’t Google at all that you’re visiting, but instead a phishing page hidden away on the Ethiopian Red Cross Society’s website.

Of course, you shouldn’t enter your credentials on the page – as they are likely to end up in the hands of cybercriminals. And with so many people running their lives via Google’s online tools (email, calendars, and so forth) you can understand why it’s becoming increasingly attractive for online criminals to steal usernames and passwords from unsuspecting users.

Sophos has attempted to inform the Ethiopian Red Cross Society about the security breach on their website, and hopefully they will resolve the issue soon.

If you run a website make sure you are doing everything to keep it as secure as possible – for both your company’s sake, and that of your users. If you haven’t already done so, read this informative paper by SophosLabs, “Securing websites”, which covers some of the issues.