Yesterday I received a “Security Warning” email supposedly from Google and I must say that if I didn’t know better, I would have been the next victim of this phishing scam.
Here’s a copy of the email.
from GoogleTeam <email@example.com.>
date Sat, Jul 26, 2008 at 12:33 PM
subject Security Warning
Your account has been randomly flagged in our system as a part of our routine security measures. This is a must to ensure that only you have acces and use of your Google account and to ensure a safe Gmail experience. We require all flagged accounts to verify their information on file with us.
This is the right link for edit account page
After you verify your information, your account shall be returned to good standing and you will continue to have full use of your account. Please note that if you don’t verify your ownership of account in 2 x 24 hours we will suspend your Google account.
The Gmail Team
Note that the sender of the mail is firstname.lastname@example.org. It is a nice ploy used by these phishers, but take note that there are mail-sending programs that can mask the sender's original email address and show a different one, as in the example above.
One giveaway that this email is fake is the link to the “edit account page” which goes to (FAKE SITE! DON’T VISIT!)
If Google really wants us to edit our account, we would be directed to a Google.com domain, not a dubious site such as AC-Google.com.
If you check the link (which I advise you not to), you’ll see a site that looks like an official Google page. However, asking for your Google Account password is definitely not so Google, and that ultimately led me to believe that this is a phishing email. Official websites WILL NOT normally ask you to give them your password. That is just a plain old phishing scam.
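The domain check described above, as an added example in Python (not code from the original post): it pulls every link out of an HTML mail body and accepts only google.com or a real subdomain of it. TRUSTED_DOMAINS, BRAND, the function names and the sample body are assumptions made for illustration; the sample link is constructed from the domain named in the post, because the real URL is withheld.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED_DOMAINS = {"google.com"}  # assumption: domains the real sender uses
BRAND = "google"                  # assumption: brand name to look for in hosts

# Constructed sample body. The post withholds the real link, so this URL is
# built only from the domain the post names.
SAMPLE_BODY = """
<p><a href="http://ac-google.com/">This is the right link for edit account page</a></p>
<p><a href="https://mail.google.com/">Gmail</a></p>
"""

class HrefCollector(HTMLParser):
    """Collect the href of every <a> element in an HTML mail body."""

    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.hrefs.append(href)

def is_trusted_host(host):
    # Match on "." + domain: "ac-google.com" ends with the string
    # "google.com" but is a different registered domain.
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)

def audit_links(html_body):
    """Return (href, host, verdict) for each link found in the body."""
    collector = HrefCollector()
    collector.feed(html_body)
    results = []
    for href in collector.hrefs:
        host = urlsplit(href).hostname  # None for mailto: or relative links
        if is_trusted_host(host):
            verdict = "ok"
        else:  # brand name inside an untrusted host marks a look-alike
            verdict = "lookalike" if host and BRAND in host else "untrusted"
        results.append((href, host, verdict))
    return results

if __name__ == "__main__":
    for row in audit_links(SAMPLE_BODY):
        print(row)
```

A plain `endswith("google.com")` test would have passed the phishing domain, which is why the comparison includes the leading dot.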
What is phishing?
Phishing is a type of deception designed to steal one’s personal data such as credit card numbers, passwords, account login information, etc. The phishing email usually looks like an official letter from a trusted source, such as a bank, credit card company, payment processor, or online merchant. Phishing emails normally direct recipients to a fraudulent website where they are asked to provide personal information. This information is then used for identity theft.
Other examples of spoof emails in the past are in our Phishing Emails collection.