Gmail is again hit by a new phishing scam, which is warned by the Security researchers from Sunbelt.This is almost similar to the old phishing scam that is using a spoof page(a.k.a fake page) along with the blend of social engineering inorder to fool the users.Dont know what is phishing visit here.
What is new about this scam?
As i mentioned earlier that it is almost similar to the old one but the only striking difference is that it has got an attachment along with a mail.The attacker has used the skills of social engineering to make the user believe that the mail is from the "GOOGLE" itself.Take a look at the mail below......
The attach file is in Html format called as Gmail_access.html,which is a fake page of Gmail login page having all the elements and graphics exactly similar to the original page.Take a look at the image below.
How it Works?
Check the source code of the attachment(html file),use ctrl + f to find "action=" use without quotes then u will find something different to that of the original page.
which means when the user enter any values in the login field of the fake page(attachment) then it sends the values to a "serviceloginAuth.php" on an external domain for the attacker and the website under this domain is registered to someone in Sremska Kamenica, Serbia-said Tom Kelchner of sunbelt.
(Credits:sunbelt.blogspot.com)
What is new about this scam?
As i mentioned earlier that it is almost similar to the old one but the only striking difference is that it has got an attachment along with a mail.The attacker has used the skills of social engineering to make the user believe that the mail is from the "GOOGLE" itself.Take a look at the mail below......
 |
| (Source:Sunbelt.blogspot.com) |
 |
| (Source:Sunbelt.blogspot.com) |
Check the source code of the attachment(html file),use ctrl + f to find "action=" use without quotes then u will find something different to that of the original page.
action="http://www.wtwener.com/e107_themes/serviceloginAuth.php"
which means when the user enter any values in the login field of the fake page(attachment) then it sends the values to a "serviceloginAuth.php" on an external domain for the attacker and the website under this domain is registered to someone in Sremska Kamenica, Serbia-said Tom Kelchner of sunbelt.
(Credits:sunbelt.blogspot.com)
If you find this post worth reading then do drop a comment ,it will be appreciated .
New Gmail Phishing scam on roll.
Reviewed by Satyajit (Admins,a.k.a Satosys)
on
Wednesday, September 15, 2010
Rating:
Reviewed by Satyajit (Admins,a.k.a Satosys)
on
Wednesday, September 15, 2010
Rating:
5 comments:
Nice post.. Thanks for sharing this...
@Manisha Thanks for visiting... :)
Visit again for more interesting stuffs on security... :)
Dear Satyajit, You have a great blog. Thank you for visiting our blog. Unfortunately we are not able to see "Comment U Back" Badge in this blog. Kindly add it and inform us at the earliest. Thanking you
Thanks for sharing this with us never really check the source code of suspiciuos emails. thanks for the heads up
@Reetha Thanks for visiting...actually i had put it put when i didnt get any response from you side so i removed it...i will surely put it.. :)
@Lawmacs Thanks for visiting... :) ya surely but here i mean the source code of the attachment not that of email header... :)