Source Techtree
Websense Security Labs has received reports of an advanced phishing attack on Google Pages that is a sophisticated variant of Google phishing that was witnessed last November.
The latest alert says users are shown a spoofed copy of the Gmail login page, with a message claiming, "You WON $500.00!" The message further states that the prize money will be delivered to an e-Gold, PayPal, StormPay, or MoneyBookers account of the user's choice. If users select an account, they are informed that the prize money is only available to "premium members" of "Gmail Games".
The user is informed that the "Gmail Games" membership requires an $8.60 registration fee, and he/she is asked to pay the registration fee, or forfeit the $500 prize money. Users are then directed to an actual payment site, to pay-up the registration fee. It is learnt that this phishing site is hosted in the US, and that it was already up at the time of the alert.
Commenting on this phenomenon, Surendra Singh, head - South East Asia and India, Websense, said, "Phishing attacks have become more sophisticated and elaborate, as perpetrators are developing innovative ways of overcoming users' awareness of the phenomenon, as has been demonstrated by this incident. During the last month, we witnessed two malicious incidents that combined the use of telecommunications, and the Web. The only way for business to protect their employees against these ever-evolving threats is to have a Web security solution that updates against these attacks in real time."
According to reports, last month, Websense had discovered that the Google Web site hosting service, "Google Pages," was hosting malicious code.
Websense Security Labs has received reports of an advanced phishing attack on Google Pages that is a sophisticated variant of Google phishing that was witnessed last November.
The latest alert says users are shown a spoofed copy of the Gmail login page, with a message claiming, "You WON $500.00!" The message further states that the prize money will be delivered to an e-Gold, PayPal, StormPay, or MoneyBookers account of the user's choice. If users select an account, they are informed that the prize money is only available to "premium members" of "Gmail Games".
The user is informed that the "Gmail Games" membership requires an $8.60 registration fee, and he/she is asked to pay the registration fee, or forfeit the $500 prize money. Users are then directed to an actual payment site, to pay-up the registration fee. It is learnt that this phishing site is hosted in the US, and that it was already up at the time of the alert.
Commenting on this phenomenon, Surendra Singh, head - South East Asia and India, Websense, said, "Phishing attacks have become more sophisticated and elaborate, as perpetrators are developing innovative ways of overcoming users' awareness of the phenomenon, as has been demonstrated by this incident. During the last month, we witnessed two malicious incidents that combined the use of telecommunications, and the Web. The only way for business to protect their employees against these ever-evolving threats is to have a Web security solution that updates against these attacks in real time."
According to reports, last month, Websense had discovered that the Google Web site hosting service, "Google Pages," was hosting malicious code.