Google Blogoscoped

Thursday, June 26, 2008

Google Calendar Phishing

A couple of minutes ago an interesting attempt to phish for Google account credentials made it to my inbox. It made me blink: I suspected phishing right away, but the mail looked quite official on the surface, so I had to check twice to see how it was done. As you may know, phishing emails are sent out by abusers to get the recipient to reply with their password or click through and enter it somewhere, and the more official they look, the more easily they are believed. This particular mail, shown in the screenshot, had the following attributes:

The subject of the mail read “[Invitation] VERIFY YOUR ACCOUNT”, and the main content included this bit:

Philipp Lenssen, you are invited to

This Email is from Gmail Customer Care and we are sending it to every Gmail Email User Accounts Owner for safety. We are having congestions due to the anonymous registration of Gmail accounts so we are shutting down some Gmail accounts and your account was among those to be deleted. We are sending you this email to so that you can verify and let us know if you still want to use this account. (...)

You will have to confirm your E-mail by filling out your Login Information below after clicking the reply button, or your account will be suspended within 24 hours for security reasons.

* Username:

* Password:

It’s quite obvious Google is not likely to send out such mails for real. You may have guessed by now how this was done, though: someone apparently set up a Google account with the first name “customer” and the surname “care” (the actual email address was customerservices[some-number]). They then created an event in their calendar titled “VERIFY YOUR ACCOUNT” – instead of, say, “BBQ at Susan’s place” – with the text printed above as the event description! Finally, they added me as a guest to that event, which caused Google to prepare and send the event invitation mail!

Looking for traces of this phishing attempt online, I can see it’s not completely new: people were asking about this mail in e.g. May this year, and even received an official answer from Google, yet this type of phishing continues. If you ever receive a mail like this, here’s something you can do instead of actually replying: click the blue arrow at the top right of the Gmail message and pick “Report phishing”. A dialog pops up explaining what phishing is, and then says: “If you believe this message is a phishing attack, you can report it to our abuse team and help us thwart this attack and others like it.” Google notes, though, that “Reporting this message as an attack will send the entire message to our team for review.”
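As an added example (not from the original post and not Google’s code), here is a small Python filter a mail administrator could run over the iCalendar (.ics) part of an incoming invitation to flag the pattern described above: a genuine invitation mail whose organizer name, event title and description carry a credential-request lure. The sample invitation is constructed to mirror the mail described in the post, the placeholder address and the regular expressions are my own, and the parser handles only the simple single-event case.

```python
import re

# Constructed sample invitation, modelled on the attributes the post describes
# (organizer named "customer care", an all-caps "VERIFY YOUR ACCOUNT" title, a
# description asking for username and password). The address is a placeholder.
SAMPLE_ICS = """BEGIN:VCALENDAR
BEGIN:VEVENT
SUMMARY:VERIFY YOUR ACCOUNT
ORGANIZER;CN=customer care:mailto:customerservicesNNNN@example.com
DESCRIPTION:This Email is from Gmail Customer Care. Your account will be
  suspended within 24 hours. Confirm your Login Information below:\\n*
  Username:\\n* Password:
END:VEVENT
END:VCALENDAR
"""

# The delivery path is a genuine invitation mail, so the checks target the lure text.
CREDENTIAL_RE = re.compile(r"\b(user ?name|password|login information)\b", re.I)
URGENCY_RE = re.compile(r"\b(verify your account|within \d+ hours?|suspend\w*|delet\w*)\b", re.I)
IMPERSONATION_RE = re.compile(r"\b(customer (care|service)s?|support|security team)\b", re.I)


def parse_event(ics: str) -> dict:
    """Minimal RFC 5545 reader for a single-event file: PROPERTY -> (params, value).
    Quoted parameter values containing ':' or ';' are not handled (simplification)."""
    unfolded = re.sub(r"\r?\n[ \t]", "", ics)   # RFC 5545 line unfolding
    props = {}
    for line in unfolded.splitlines():
        if ":" not in line or line.startswith(("BEGIN:", "END:")):
            continue
        head, _, value = line.partition(":")
        name, *raw_params = head.split(";")
        params = dict(p.split("=", 1) for p in raw_params if "=" in p)
        props[name.upper()] = (params, value.replace("\\n", "\n").replace("\\,", ","))
    return props


def invitation_risk(ics: str) -> list:
    """Reasons an invitation looks like a credential-phishing lure; [] if none."""
    ev = parse_event(ics)
    summary = ev.get("SUMMARY", ({}, ""))[1]
    text = summary + "\n" + ev.get("DESCRIPTION", ({}, ""))[1]
    organizer_name = ev.get("ORGANIZER", ({}, ""))[0].get("CN", "")
    reasons = []
    if CREDENTIAL_RE.search(text):
        reasons.append("event text asks for credentials")
    if URGENCY_RE.search(text):
        reasons.append("event text threatens suspension or deletion")
    if IMPERSONATION_RE.search(organizer_name):
        reasons.append("organizer display name impersonates a support team")
    if summary.isupper():
        reasons.append("all-caps event title")
    return reasons
```

A real invitation from a colleague titled “BBQ at Susan’s place” triggers none of these checks, while the sample above trips all four; in a mail filter such hits would route the message to a quarantine or add a warning banner rather than reject it outright.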
