New Gmail Phishing scam on roll.

Gmail is again hit by a new phishing scam, which is warned by the Security researchers from Sunbelt.This is almost similar to the old phishing scam that is using a spoof page(a.k.a fake page) along with the blend of social engineering inorder to fool the users.Dont know what is phishing visit here.

What is new about this scam?

As i mentioned earlier that it is almost similar to the old one but the only striking difference is that it has got an attachment along with a mail.The attacker has used the skills of social engineering to make the user believe that the mail is from the "GOOGLE" itself.Take a look at the mail below......
(Source:Sunbelt.blogspot.com)
The attach file is in Html format called as Gmail_access.html,which is a fake page of Gmail login page having  all the elements and graphics exactly similar to the original page.Take a look at the image below.
(Source:Sunbelt.blogspot.com)
How it Works?

Check the source code of the attachment(html file),use ctrl + f  to find "action=" use without quotes then u will find something different to that of the original page.

action="http://www.wtwener.com/e107_themes/serviceloginAuth.php"

which means when the user enter any values in the login field of the fake page(attachment) then it sends the values to a "serviceloginAuth.php" on an external domain for the attacker and the website under this domain is registered to someone in Sremska Kamenica, Serbia-said Tom Kelchner of sunbelt.

(Credits:sunbelt.blogspot.com)

If you find this post worth reading then do drop a comment ,it will be appreciated .
Suggest Article

Subscribe to Posts....

Enter your Email-ID and get "Security Tips and Hacking Tutorials"alert in your inbox,we promise to keep your email private and safe.

comment 5 comments:

Manisha on September 15, 2010 at 2:05 PM said...

Nice post.. Thanks for sharing this...

Satyajit (Admins,a.k.a Satosys) said...

@Manisha Thanks for visiting... :)
Visit again for more interesting stuffs on security... :)

Reetha on September 16, 2010 at 3:24 AM said...

Dear Satyajit, You have a great blog. Thank you for visiting our blog. Unfortunately we are not able to see "Comment U Back" Badge in this blog. Kindly add it and inform us at the earliest. Thanking you

lawmacs on September 16, 2010 at 3:29 AM said...

Thanks for sharing this with us never really check the source code of suspiciuos emails. thanks for the heads up

Satyajit (Admins,a.k.a Satosys) said...

@Reetha Thanks for visiting...actually i had put it put when i didnt get any response from you side so i removed it...i will surely put it.. :)

@Lawmacs Thanks for visiting... :) ya surely but here i mean the source code of the attachment not that of email header... :)

Post a Comment

This blog is "DoFollow",Use a "Real Name" rather than using "Keywords" otherwise comment will be rejected.

Delete this element to display blogger navbar

 
© 2013 SecurityHunk All Rights Reserved and Template by Fresh Blogger Templates