03 May 2011
I have just managed to avoid a phishing attack.
I received an email that professed to be from Gmail email@example.com. It looked like this in Mac Mail:
Dear Email Client,
We are upgrading our security systems and suspending all dormant accounts. We are sending this general message to all users to confirm their details for verification purpose. To verify your account is still active, please click on link here and follow the instructions. We are sorry for the trouble but we are trying to give you the best services. Thanks
I was suspicious because I am not a dormant user of GMail; my shiny new iPad checks all my email accounts every 15minutes!
I used Mail to view the email as ‘Raw Source’ and found that the “here” text linked to the site <http:// studymaterials.in/gmail.html> which proves the scam. If it was a real email from Google the high level domain would have been a .com of some sort, along with Gmail or Google or some thing as the server name, not “studymaterials”.
Looking at it ‘live’ the first sign it is a fake is that the free space counter was frozen at 2757.272164 megabytes. The second indication is that the size of free space on offer was less than 3MB which seems a bit small, given how many cloud computing sites offer free accounts of 3-4MB. (I checked and apparently Google’s free space allowance surpassed 3MB in 2007. It currently sits at over 7.5MB).
The third sign of a scam is that the copyright date is 2010. Can you imagine Google not having a current calendar year date? Here is a real Gmail login page.
I then dobbed (Australian term meaning ‘report a felon to the appropriate internet constabulary’) the scam email in to US-CERT, put on Secret Agent Man and cooked dinner. (I might have also played some air guitar, but that’d be telling…).