Please do not ever fall for this

I just got an email in my inbox from “Gmail support” with the subject “Important Update.”

That was the first red flag, as Gmail almost never sends important updates through email; they embed them directly into the site, usually in an alert banner across the top that you can dismiss, or links in the upper right-hand side.

Another red flag is that it didn’t have the “verified” padlock symbol next to it, an option you can enable in Google Labs to assure you that emails from sites that malicious hackers often try this stuff with, like PayPal and eBay, are actually sent from those domains.

Opening the email, I noticed, as did Wired Science Blogger Rhett Allain, that the email didn’t automatically open with images. An email from the Google staff would have. Clicking “view images” presented this email:

Gmail and hopefully any major email provider would never send you an email asking you to leave the site and enter your information elsewhere. If there are any changes that need to be made, it will always prompt you upon your going to that domain in the first place. Obvious hack attempt.

Sure enough, hovering over the link produced the following URL: http://www.enriquemarquez.com/gmail/ServiceLogin.htm. I’m not even hyperlinking that because you shouldn’t click it. The domain is not a Google domain. Doing a whois search shows the domain is registered on some Venezuelan nameservers, no other information really.

Clicking it, here is a screen shot of the website you would be taken to:

Looks just like standard, friendly Google, except the domain is whacked.

How many people just fell for this, I shudder to think about. This is the oldest hacking trick in the book, yet still the most effective. Earlier this year, Nate Silver and I interviewed the director of Symantec, the largest maker of security software, most notably Norton Antivirus. The conversation was pretty stats heavy, and I won’t go into it here, but he confirmed that the #1 way that people’s computers are compromised is not by backdoor intruders or code crackers like the movies would have most people believe — it is by people giving away their information.

Why hack something when you can just ask someone for their password?

This is the first time I’ve seen an attempt like this on Gmail. I would like to think that Gmail users are more savvy than the Yahoo/Hotmail/MSN/AOL variety and would never fall for something like this, but I guess if you’re not used to being on the lookout for things like this, it could be a convincing email. Please don’t let this be you; I really don’t want to get spammed by my friends. And moreover, I don’t want to hear my friends whine about how “Google gave away your information” or “Google is not secure.” Granted, Google should probably not allow users to change their usernames to things like “Google Support,” but still, if you fall for this, you’ve only your lack of internet savvy to blame.

Although… the question of how people get the email addresses to send these attempts to is a good one. Rhett and I both got the email at the exact same time. Did anyone else get this email?


One thought on “Please do not ever fall for this”

  1. Toaster

    I didn’t get this email, but it’s nonetheless an interesting and extremely bald-faced attempt at phishing. For a moment, I was tempted to try a PHP inject of foreign JS into your website just to see if I could, and then I was disappoint that you had WordPress installed instead of Arikia-generated code.