Latest Gmail Phishing Very Tough To Spot – Watch Out

If phishing is a new term to you, then please read this post. Wikipedia will tell you that “phishing is the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication.” Often it may look like a message from your bank, or it could be PayPal or eBay. The phisher does not know whether you really have an account, but tries everyone in the hope that some may fall for it.

Here is one of the best phishing exploits I have seen. I have now twice received a message apparently from Google within the past three days that read as follows:

phishing Gmail message

When you click on the link, you see the familiar Google Gmail Welcome page.

Phishing Gmail Welcome Page

Except that this is not the regular Google page.  If you look up at the address field, you will find the URL is on the domain, Phishing website .

Checking WhoIs for this page you will find that the administrative contact is the following person.

Phishing Administrative Contact

Undoubtedly if I had keyed in my Gmail username and password, that gentleman would have had access to my Gmail account and could do whatever he wished with it.  Needless to say I immediately changed the password, in case he had already been there.

This is a particularly difficult one to spot, so it is important to be extra vigilant.  Google has some good information about Messages asking for personal information.  It also provides more detailed information about Suspicious results and strange behavior: Phishing attacks in other words.

You can forward such phishing Gmail messages to and can send the Phishing URL to the Google Phishing team using their Phishing Report.  Google also provides a link to, where you can learn more about malware that can infect your computer.

Some phishing attacks are not too difficult to spot, often including spelling mistakes and somewhat curious links.  This particular current Gmail phishing incident is highly professional and the only clue is that URL address when you click on the apparent Google link. 
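The check this post relies on, reading the real domain behind an apparent Google link, written out as an added example that is not part of the original post. The trusted-domain list and the `.example` hosts in the sample message are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: domains a genuine Google sign-in link is expected to use.
TRUSTED = ("google.com", "gmail.com")

def real_host(url):
    """Host the browser would contact, or None if the link is unusable."""
    url = url.strip()
    try:
        parts = urlsplit(url)
    except ValueError:
        return None
    # Browsers read "\" as "/", urlsplit does not, so refuse such links.
    if "\\" in url or parts.scheme not in ("http", "https") or not parts.hostname:
        return None
    return parts.hostname.rstrip(".")  # hostname drops "user@" and the port

def on_trusted_domain(host):
    # Exact match or true subdomain only; "google.com.x.example" fails.
    return bool(host) and any(host == d or host.endswith("." + d) for d in TRUSTED)

class LinkCollector(HTMLParser):
    # Collects [href, visible text] for every <a> element in a message body.
    def __init__(self):
        super().__init__()
        self.links, self._open = [], None
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._open = [dict(attrs).get("href") or "", ""]
    def handle_data(self, data):
        if self._open is not None:
            self._open[1] += data
    def handle_endtag(self, tag):
        if tag == "a" and self._open is not None:
            self.links.append(tuple(self._open))
            self._open = None

def untrusted_links(html_body):
    """Return (visible text, real host) for links that leave the trusted domains."""
    collector = LinkCollector()
    collector.feed(html_body)
    found = [(text.strip(), real_host(href)) for href, text in collector.links]
    return [pair for pair in found if not on_trusted_domain(pair[1])]

# Constructed sample message body; the .example hosts are placeholders.
SAMPLE = ('<p><a href="https://mail.google.com/mail/">Inbox</a> '
          '<a href="http://www.google.com.login.example/accounts">www.google.com</a> '
          '<a href="http://google.com@login.example/">Sign in</a></p>')
```

Calling `untrusted_links(SAMPLE)` reports the second and third links, whose visible text or leading characters look like Google while the host actually contacted is not.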

Please spread the word rapidly.  If you are on Twitter, then please ReTweet the message below.

Pl.RT: Important Alert: Latest Gmail phishing exploit is very tough to spot: : pass it on.

Undoubtedly many people will be taken in.


6 thoughts on “Latest Gmail Phishing Very Tough To Spot – Watch Out”

  1. Thanks for the heads up. I am generally super careful with any emails. One tip, if you are ever in doubt, is to close the email and then log in to your account direct as normal. If the company requires you to update anything, then there should be an alert in your account control panel.

  2. I’d be a bit suspicious if I received an email, ostensibly from Google, in which they recommended an email product other than Gmail.

    But I’m sure a lot of people will fall for this.

  3. How can this be “particularly professional” when they don’t even bother to obfuscate the domain on the landing page?

    It’s just Not,, or

    Same old same old.

  4. OMG, the Gmail phishing is becoming better and better now! We should be extremely careful, especially on any link we’re clicking in our Gmail account.

    Thanks for the warning, Barry!
