Phishermen try to lure their victims with whatever is popular and there is no doubt "Google" is popular. Because of this, the phishermen are trying to tarnish Google's good name!
In November, Websense issued this alert:
Websense® Security Labs™ has received reports of a new phishing attack that targets users of Google's search engine. Users are redirected to a spoofed copy of Google's front page with a large message claiming "You WON $400.00 !!!". Users are presented with instructions for collecting their prize money. These instructions direct users to enter their credit card number and shipping address. Once the information has been collected, users are directed to Google's legitimate website.
This phishing site is hosted in the United States and was up at the time of this alert.
For the November version with screenshots, link here.
And today Websense released another version of this scam:
Users are shown a spoofed copy of the Gmail login page with a message claiming, "You WON $500.00!" The message states that this prize money will be delivered to an e-Gold, PayPal, StormPay, or MoneyBookers account of their choice. If users select an account, they are informed that this prize money is only available to "premium members" of "Gmail Games." The page states that "Gmail Games" membership requires an $8.60 registration fee, and then asks users to pay the registration fee or forfeit the $500 prize money. Users are directed to an actual payment site to deliver the registration fee.
This phishing site is hosted in the United States and was up at the time of this alert.
Sample Email Lure:*
*You won $500! Gmail congratulates you!* *CONGRATULATIONS!YOU WON $500!*Gmail gives members random cash prizes. Today, your account is randomly selected as the one of 12 top winners accounts who will get cash prizes from us. Please click the link below and follow instructions on our web site. Your money will be paid directly to your e-gold, PayPal, StormPay or MoneyBookers account.
Click here to get your prize:
Sincerely,
The Gmail.com staff
Gmail.com
For the alert with screenshots, link here.
The Phishermen will always try to use "trusted" names to further their misdeeds. Education is the best defense against Internet scams and sharing knowledge is something all of us can do!
No comments:
Post a Comment