Another Gmail phishing email
September 20, 2007
Just a few minutes ago, we received the following “Security Alert” email purportedly from Gmail:
from: Gmail Team <email@example.com>
date: Sep 20, 2007 1:44 PM
subject: Security Alert
Your account has been randomly flagged in our system as a part of our routine security measures. This is a must to ensure that only you have acces and use of your Google account and to ensure a safe Gmail experience. We require all flagged accounts to verify their information on file with us.
This is the right link for edit account page
After you verify your information, your account shall be returned to good standing and you will continue to have full use of your account. Please note that if you don’t verify your ownership of account in 2 x 24 hours we will block/ susspend your Google account.
The Gmail Team
The text “edit account” in the second paragraph contains a link that redirects to the following site: < http://www.uk-google.com/account > (Screenshot of the website below.)
This site is a PHISHING website. Phishing is a type of deception designed to steal one’s personal data such as credit card numbers, passwords, account login information, etc. The phishing email usually looks like an official letter from a trusted source, such as a bank, credit card company, payment processor, or online merchant. Phishing emails normally direct recipients to a fraudulent website where they are asked to provide personal information. This information is then used for identity theft.
Although the header included a line saying the mail was sent by the “Gmail Team,” the server that actually sent the mail was “crater.myserverhosts.com” — definitely not a Gmail or Google server.
Note as well the typographical and grammatical errors in the email (acces, 2 x 24 hours, susspend). If that guy was indeed working in Google, he should be fired for sending a crappy, unprofessional email like that.
More info on how to detect phishing emails in the article What is Phishing?