Consultant Dan
03 May 2011
Google phishing foiled (this is a real, potentially dangerous online security threat)
I have just managed to avoid a phishing attack.
I received an email that professed to be from Gmail info@gmail.com. It looked like this in Mac Mail:
Dear Email Client,
We are upgrading our security systems and suspending all dormant accounts. We are sending this general message to all users to confirm their details for verification purpose. To verify your account is still active, please click on link here and follow the instructions. We are sorry for the trouble but we are trying to give you the best services. Thanks
I was suspicious because I am not a dormant user of Gmail; my shiny new iPad checks all my email accounts every 15 minutes!
I used Mail to view the email as ‘Raw Source’ and found that the “here” text linked to the site <http:// studymaterials.in/gmail.html>, which proves the scam. If it was a real email from Google the high level domain would have been a .com of some sort, along with Gmail or Google or something as the server name, not “studymaterials”.
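The raw-source check described above can be automated. The following is an added example, not part of the original post: it parses a constructed copy of the message and reports every link whose host falls outside the domains expected for the claimed sender. The `ALLOWED` mapping and all function and class names are assumptions.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample modelled on the message quoted above (not the original raw source).
RAW = """\
From: Gmail <info@gmail.com>
Content-Type: text/html; charset="utf-8"

<p>To verify your account is still active, please click on link
<a href="http://studymaterials.in/gmail.html">here</a> and follow the instructions.</p>
<p><a href="https://mail.google.com/">Gmail</a></p>
"""
# Assumption: domains that mail claiming to come from each sender domain may link to.
ALLOWED = {"gmail.com": ("gmail.com", "google.com")}

class LinkCollector(HTMLParser):
    """Collect (visible text, href) for every <a> element that has an href."""
    def __init__(self):
        super().__init__()
        self.links, self._href = [], None
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), ""
    def handle_data(self, data):
        if self._href:
            self._text += data
    def handle_endtag(self, tag):
        if tag == "a" and self._href:
            self.links.append((self._text.strip(), self._href))
            self._href = None

def mismatched_links(raw):
    """Return (link text, host) for links whose host is outside the sender's domains."""
    msg = message_from_string(raw)
    sender = parseaddr(msg["From"])[1].rpartition("@")[2].lower()
    allowed = ALLOWED.get(sender, (sender,))
    flagged = []
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            collector = LinkCollector()
            collector.feed(part.get_payload(decode=True).decode("utf-8", "replace"))
            for text, href in collector.links:
                host = (urlsplit(href).hostname or "").lower()
                if not any(host == d or host.endswith("." + d) for d in allowed):
                    flagged.append((text, host))
    return flagged
print(mismatched_links(RAW))
```

The match is on the exact domain or a dot-separated subdomain, so a host such as `gmail.com.example.net` is still flagged even though it contains the sender's domain as a substring.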
I took the risk of doing some amateur sleuthing. I turned on NoScript in Firefox and visited the site. It came up with this fake Gmail login page.
Looking at it ‘live’ the first sign it is a fake is that the free space counter was frozen at 2757.272164 megabytes. The second indication is that the size of free space on offer was less than 3MB which seems a bit small, given how many cloud computing sites offer free accounts of 3-4MB. (I checked and apparently Google’s free space allowance surpassed 3MB in 2007. It currently sits at over 7.5MB).
The third sign of a scam is that the copyright date is 2010. Can you imagine Google not having a current calendar year date? Here is a real Gmail login page.
I then dobbed (Australian term meaning ‘report a felon to the appropriate internet constabulary’) the scam email in to US-CERT, put on Secret Agent Man and cooked dinner. (I might have also played some air guitar, but that’d be telling…).
Thanks, Scarlett.
Based on the language of the phish-mail, where do you think the criminals are from?

Excellent sleuthing. Also, I don’t imagine that Google would make grammatical errors like that in an email.