Would you fall for this phishing scam?
email phishing scam security spam · 5 comments · 500 words · read ~2,491 times.
Gmail is usually pretty good at stopping spam from reaching my inbox. When it slips up, it reminds me of just how terrifying the modern internet is.
Early one morning, I received this email from someone I know (details redacted by me).
It came from his email, it has his signature at the bottom. This doesn't look like someone hijacking his email so far.
I don't put much stock by "Protected by Antivirus" claims - because they provide no proof that scanning has taken place.
I know you shouldn't open attachments. But it's a PDF and Google is showing a plausible looking preview. It was early in the morning, and I clicked on it.
*sigh* Last night I had factory reset my phone. I was slowly logging back in to all my services. So this screen wasn't unexpected for me. And, to be honest, I've got a bunch of Google accounts and always have to log in and out of them. OK, let's type in my email.... WAIT! WHAT?
A look at the URL bar shows accounts.googledrive.com.adge.gq. That's not a Google URl. Had they used something like login.accounts.googledrive.com... it would have been long enough for me not to see the phony adge.gq at the end. I'd almost certainly have clicked through.
The rest of the page is a pixel perfect recreation of the Google login page. With the exception of the "email provider" choice. If I'd have been less awake, I'm fairly sure I'd have fallen for this.
I put in a fake email just to see what would happen.
Asking for a password - thankfully, the scammers didn't use Gravatar to show the user a picture of themselves.
I put in a fake password - and got this extraordinary attempt to phish my details.
ARGH! Trying to steal yet more information. That's a realistic error message. I'm used to seeing asterisks blocking out my sensitive details.
If you fell for this, you've given up your email and password - no doubt used to send more spam - and opened yourself up to a barrage of scam phone calls claiming to be from your "email provider". If you reused your password with any other service - like your phone provider - your entire online identity is at risk of compromise.
I know what you're thinking. I should never have clicked on that link in the first place. I am usually quite security minded. In fact, before clicking on it, I long-pressed on the link so that Google could show me its destination.
Even a vigilant user gets no protection here from Gmail.
Today these criminals were unlucky. But they only have to be lucky once. Users will have to be lucky always.
Yikes!
The phone prompt would've tipped me off. Google already knows, and displays a few random digits so you remember which number or email you entered. Never asks for the whole thing when verifying, to the best of my knowledge. Thanks for the write up!
James H says:
I'm confused about how they displayed their site - is the paymentPDF.jpg actually just a link made to look like an attachment?
Steve W. says:
Yeah, it's a faked jpg meant to look like a blurred out preview of another PDF/jpg. The jpg itself has a link to (in my case) an http://ow.ly/ address, which is where the above Gmail login boxes appear. Crazy!
angusprune says:
What mechanism does the jpeg use to make the link? I didn't realise this was a thing.
Andrew McGlashan says:
It's just HTML, or as Steve Jobs put it ... "pretty mail".
You can have links attached to any image, text (purporting to be something other than where the link actually goes) or other HTML objects; there is nothing special about it.
You need to be wary of ANY link, no matter how it is presented.
What troubles me more is that most Apple users are conned to think that no such occurrence could occur to them because they are using iOS or OS X.... nothing could be further from the truth; they are often more susceptible because they don't understand their risk situation.