The subject of the mail read “[Invitation] VERIFY YOUR ACCOUNT”, and the main content included this bit:
Philipp Lenssen, you are invited to
VERIFY YOUR ACCOUNT (...)
This Email is from Gmail Customer Care and we are sending it to every Gmail Email User Accounts Owner for safety. we are having congestions due to the anonymous registration of Gmail accounts so we are shutting down some Gmail accounts and your account was among those to be deleted.We are sending you this email to so that you can verify and let us know if you still want to use this account. (...)
You will have to confirm your E-mail by filling out your Login Information below after clicking the reply button, or your account will be suspended within 24 hours for security reasons.
It’s quite obvious Google’s not likely to send out such mails for real. You might have guessed by now how this was done, though: someone apparently set up a Google account with the first name “customer” and the surname “care” (the actual email address was customerservices[some-number]@googlemail.com). They then created an event in their calendar titled “VERIFY YOUR ACCOUNT” – instead of, say, “BBQ at Susan’s place” – with the event description being the text printed above, and invited the target to it, so Google’s own calendar invitation mail delivered the message.
Looking for traces of this phishing attempt online, I can see it’s not completely new, with people asking about this mail in e.g. May this year... and even receiving an official answer from Google, though this type of phishing remains. If you too ever receive a mail like this, here’s something you can do instead of actually replying: click the blue arrow to the top right of the Gmail message and pick “Report phishing”. A dialog will pop up explaining what phishing is, and it then says: “If you believe this message is a phishing attack, you can report it to our abuse team and help us thwart this attack and others like it.” Google notes though, “Reporting this message as an attack will send the entire message to our team for review.”
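The traits that give this invitation away can also be checked mechanically. The following Python check is an added example, not part of the original post: it parses an iCalendar invite and reports the three signals seen above. The sample invite, the number in the address, the field layout and the keyword lists are constructed assumptions.

```python
import re

# Constructed sample: an iCalendar invite shaped like the one described above.
# The number in the address and the exact field layout are assumptions.
SAMPLE_ICS = (
    "BEGIN:VCALENDAR\r\n"
    "METHOD:REQUEST\r\n"
    "BEGIN:VEVENT\r\n"
    "ORGANIZER;CN=customer care:mailto:customerservices0000@googlemail.com\r\n"
    "SUMMARY:VERIFY YOUR ACCOUNT\r\n"
    "DESCRIPTION:This Email is from Gmail Customer Care. Confirm your E-mail by\r\n"
    "  filling out your Login Information or your account will be suspended\r\n"
    "  within 24 hours.\r\n"
    "END:VEVENT\r\n"
    "END:VCALENDAR\r\n"
)

# Illustrative keyword lists (assumptions); tune them against real mail.
SUPPORT_NAME = re.compile(r"\b(customer|support|service|care|security|admin)\b", re.I)
CONSUMER_DOMAINS = {"gmail.com", "googlemail.com"}
CREDENTIAL_ASK = re.compile(r"login information|password|verify your account", re.I)
THREAT = re.compile(r"suspended|deleted|shutting down|within \d+ hours", re.I)

def parse_event(ics):
    """Map each property name to (parameter string, value); quoted colons unsupported."""
    unfolded = re.sub(r"\r?\n[ \t]", "", ics)  # RFC 5545 line unfolding
    props = {}
    for line in unfolded.splitlines():
        head, _, value = line.partition(":")
        name, _, params = head.partition(";")
        props[name.upper()] = (params, value)
    return props

def invite_findings(ics):
    """Return the list of phishing signals found in one calendar invite."""
    props = parse_event(ics)
    params, organizer = props.get("ORGANIZER", ("", ""))
    cn = re.search(r'CN="?([^";]*)', params, re.I)
    display = cn.group(1) if cn else ""
    domain = organizer.rpartition("@")[2].lower()
    text = props.get("SUMMARY", ("", ""))[1] + " " + props.get("DESCRIPTION", ("", ""))[1]
    findings = []
    if SUPPORT_NAME.search(display) and domain in CONSUMER_DOMAINS:
        findings.append("support-style organizer name on a consumer mail address")
    if CREDENTIAL_ASK.search(text):
        findings.append("asks recipient to verify account or send login details")
    if THREAT.search(text):
        findings.append("threatens suspension or deletion with a deadline")
    return findings
```

Calling `invite_findings(SAMPLE_ICS)` returns all three findings, while an ordinary invite from a personal address returns an empty list.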