Alerts
BOOKMARK THIS ALERT
digg
|
del.icio.us
|
reddit
newsvine
|
furl
|
technorati
Google Mail
Date:07.10.2006
Threat Type: Phishing Alert
Websense® Security Labs™ has received reports that a variant of Google phishing attacks (discussed in a previous alert) are increasing in sophistication.
Users are shown a spoofed copy of the Gmail login page with a message claiming, "You WON $500.00!" The message states that this prize money will be delivered to an e-Gold, PayPal, StormPay, or MoneyBookers account of their choice. If users select an account, they are informed that this prize money is only available to "premium members" of "Gmail Games." The page states that "Gmail Games" membership requires an $8.60 registration fee, and then asks users to pay the registration fee or forfeit the $500 prize money. Users are directed to an actual payment site to deliver the registration fee.
This phishing site is hosted in the United States and was up at the time of this alert.
Sample Email Lure:
* *You won $500! Gmail congratulates you!* *
CONGRATULATIONS!
YOU WON $500!*
Gmail gives members random cash prizes. Today, your account is randomly selected as the one of 12 top winners accounts who will get cash prizes from us. Please click the link below and follow instructions on our web site. Your money will be paid directly to your e-gold, PayPal, StormPay or MoneyBookers account.
Click here to get your prize:
<URL Removed>
Sincerely,
The Gmail.com staff
Gmail.com
Phishing Site Screenshot 1:
Phishing Site Screenshot 2:
Phishing Site Screenshot 3:
