Saturday, 20 August 2011

Gmail Phishing: how a thief can steal your Google password - Warning!

Warning: this is a phishing email scam. Be careful.

Just a few minutes ago, I received the "best" phishing email ever on my Gmail account.
I call it the "best" because I think many people will fall for it. It's very well made, and it's difficult to tell that it is a phishing message meant to steal your Google account password (if you use your Gmail account from a web browser).
It's a message with what appears to be a normal JPG attachment. When you read the email, you may want to see the attachment, right?
This is the scam: the "attachment area" is not the default Gmail "attachment area", but a very well-made HTML part of the email that tricks the user.

Pressing the "View" or "Download" link sends the user to this page:
http://mail.google.acccounts.com/ServiceLogin?service=mail&passive=true&rm=false&contin...
The page is identical to the standard Gmail login page, the URL is similar, and the user's email address is already filled in the login form. We only have to insert our password... :)
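The URL above only looks like Google's: its registrable domain is `acccounts.com`, with `mail` and `google` as subdomain labels. The following check is an added example, not part of the original post, showing how a mail filter or a reviewer's script could flag such a link; the trusted-domain set, the brand-label list and the two-label domain rule are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumption for this example: domains treated as genuine Google sign-in hosts.
TRUSTED_DOMAINS = {"google.com"}
# Assumed list of labels a lookalike host is likely to imitate.
BRAND_LABELS = {"google", "gmail", "accounts", "mail"}


def edit_distance(a, b):
    """Levenshtein distance, used to spot near-miss labels such as 'acccounts'."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable_domain(host):
    # Simplification: last two labels. Real code should use the Public Suffix List.
    return ".".join(host.split(".")[-2:])


def check_link(url):
    """Return (verdict, reasons) for a link found in an email body."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    domain = registrable_domain(host)
    if domain in TRUSTED_DOMAINS:
        return "trusted", []
    reasons = []
    labels = host.split(".")
    # A trusted brand name appearing to the LEFT of an untrusted domain.
    for label in labels[:-2]:
        if label in BRAND_LABELS:
            reasons.append(f"brand label '{label}' used as subdomain of {domain}")
    # A label that is a one-character typo of a brand label.
    for label in labels[:-1]:
        if label in BRAND_LABELS:
            continue
        for brand in BRAND_LABELS:
            if edit_distance(label, brand) == 1:
                reasons.append(f"label '{label}' is one edit away from '{brand}'")
    return ("suspicious" if reasons else "unknown"), reasons


if __name__ == "__main__":
    # Host and path taken from the post; the truncated query tail is left out.
    print(check_link("http://mail.google.acccounts.com/ServiceLogin?service=mail"))
```

The verdict depends on the host alone, so the same function can be run over every `href` extracted from an HTML mail part before the message is shown to the user.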


While we wait for a fix from the Gmail team, be careful!