Friday, September 15, 2006
Gmail Plus Phishing
Don’t enter your password into this site – it’s a proof of concept of how a phishing attack could be launched using the Google Public Service Search. The page looks like it’s official, and it’s indeed hosted on Google.com, but it’s not by Google. You’ll notice by the message you get after logging in:
You (could have) gotten served!
username = username you entered
password = password you entered
No data was actually taken, just displayed to you :) This is just a proof of concept of what a malicious user could do with this exploit.
Eric Farraro has more info.
The discussion started in the forum.
[Thanks Yes and TomHTML.]