NEW DELHI: Websense Security Labs that investigates Internet threats has
reported of an advanced phishing attack on the Google pages. The latest alert
mentions that users are being shown a spoofed copy of the Gmail login page with
a message claiming, "You WON $500.00!" The message states that this prize money
will be delivered to an e-Gold, PayPal, StormPay, or MoneyBookers account of
their choice.
If users select an account, they are informed that this prize money is only
available to "premium members" of "Gmail Games." The page states that "Gmail
Games" membership requires an $8.60 registration fee, and then asks users to pay
the registration fee or forfeit the $500 prize money. Users are directed to an
actual payment site to deliver the registration fee.
This phishing site is hosted in the United States and was up at the time of this
alert. This is a sophisticated variant of Google phishing witnessed in November
05.
In November 05, a phishing attack that targets users of Google's search engine
was reported by Websense Security Labs. Users were redirected to a spoofed copy
of Google's front page with a large message claiming "You WON $400.00 !!!".
Users were presented with instructions for collecting their prize money. These
instructions direct users to enter their credit card number and shipping
address. Once the information had been collected, users were directed to Google
legitimate website.
Last month, Websense Security Labs had discovered that the Google website
hosting service "Google Pages" was hosting malicious code. There were no reports
of a lure from this location, however experts considered the attack to be either
be in the setup phase or not widely distributed at that point of time.
Commenting on the phenomenon, Surendra Singh, head South East Asia and India,
Websense, said, During the last month, we witnessed two malicious incidents that
have combined the use of telecommunications and the web. The only way for
business to protect their employees against these ever-evolving threats is to
have a web security solution that updates against these attacks in real time.
In June, Websense received reports of users being lured to install malicious
code via Short Message Service (SMS) messages. Victims receive an SMS message on
their mobile phone, thanking them for subscribing to a fictitious dating
service. The message stated that the subscription fee of $2.00 per day will be
automatically charged to their cell phone bill until their subscription is
cancelled at the online site. Users who visited the site to unsubscribe from the
service are prompted to download a Trojan bot. The site does not attempt to
exploit any vulnerability; instead, the attacker provides instructions to bypass
the Internet Explorer security warning prompt.
An incident of Voice Phishing was also reported in June targeting customers of
Santa Barbara Bank & Trust.
© CyberMedia News
Advanced phishing attack on Google
New Update