I just got an email in my inbox from “Gmail support” with the subject “Important Update.”
That was the first red flag, as Gmail almost never sends important updates through email; they embed them directly into the site, usually in an alert banner across the top that you can dismiss, or links in the upper right-hand side.
Another red flag is that it didn’t have the “verified” padlock symbol next to it, an option you can enable in Google Labs to ensure you that emails from sites that malicious hackers often try this stuff with, like PayPal and eBay, are actually sent from those domains.
Opening the email, I noticed, as did Wired Science Blogger Rhett Allain, that the email didn’t automatically open with images. An email from the Google staff would have. Clicking “view images” presented this email:
Gmail and hopefully any major email provider would never send you an email asking you to leave the site and enter your information elsewhere. If there are any changes that need to be made, it will always prompt you upon your going to that domain in the first place. Obvious hack attempt.
Sure enough, hovering over the link produced the following URL: http://www.enriquemarquez.com/gmail/ServiceLogin.htm. I’m not even hyperlinking that because you shouldn’t click it. The domain is not a Google domain. Doing a whois search shows the domain is registered on some Venezuelan nameservers, no other information really.
Clicking it, here is a screenshot of the website you would be taken to:
Looks just like standard, friendly Google, except the domain is whacked.
How many people just fell for this, I shudder to think about. This is the oldest hacking trick in the book, yet still the most effective. Earlier this year, Nate Silver and I interviewed the director of Symantec, the largest maker of security software, most notably Norton Antivirus. The conversation was pretty stats heavy, and I won’t go into it here, but he confirmed that the #1 way that people’s computers are compromised is not by backdoor intruders or code crackers like the movies would have most people believe — it is by people giving away their information.
Why hack something when you can just ask someone for their password?
This is the first time I’ve seen an attempt like this on Gmail. I would like to think that Gmail users are more savvy than the Yahoo/Hotmail/MSN/AOL variety and would never fall for something like this, but I guess if you’re not used to being on the lookout for things like this, it could be a convincing email. Please don’t let this be you, I really don’t want to get spammed by my friends. And moreover, I don’t want to hear my friends whine about how “Google gave away your information” or “Google is not secure.” Granted, Google should probably not allow users to change their usernames to things like “Google Support,” but still, if you fall for this, you’ve only your lack of internet savvy to blame.
Although… the question of how people get the email addresses to send these attempts to is a good one. Rhett and I both got the email at the exact same time. Did anyone else get this email?