Wednesday, April 14, 2010

Mail From So Called "Google Support" Asking for Account Details - - Gmail Account Phishing Scam

Beware! Its a Cyber World - - Summary:

Email, purporting to be from Google Support, claims that the recipient will lose his or her Gmail account if he or she does not reply with the account's username and password and other personal information within seven days of receiving the message.

In fact, the message is not from Google. It is a phishing scam designed to steal the recipient's Gmail login details. If a recipient replies with the requested information, Internet scammers can then hijack the his or her Gmail account and use it for further criminal activities.

Let's have a look to the contents of the mail being sent to thousands of Gmail users:

======================================

From: Gmail Support
Subject: Your Gmail Account

Due to the congestion in our Gmail servers,there would be removal of all unused Gmail Accounts.You will have to confirm if your E-mail is still active by filling out your login info below after clicking the reply button, or your account will be suspended within 24 hours for security reasons.

Account name:
Password:
DOB:
Country :

Warning!!! Account owner that refuses to update his or her account within Seven days of receiving this warning will lose his or her account permanently.
Thank you for using Gmail !

The Gmail Team

====================================


Beware! Its a Cyber World - - Explanation:

This email, which claims to be from "Google Support" warns the recipient that his or her Gmail account will be suspended within 24 hours "for security reasons" unless he or she confirms that the account is still active by replying to the email with account details. The message further warns that the account will be permanently deleted if the requested details are not received within seven days. The recipient is instructed to reply to the message with his or her Gmail username and password along with his or her date of birth and country of residence.

However, the email is not from Google and the claim that the recipient's Gmail account is about to be suspended is untrue. In fact, the message is a phishing scam designed to trick Gmail users into sending their account details to Internet criminals.

If a recipient falls for the trick and sends the requested details, the criminals behind the scam will then be able to hijack their victim's Gmail account and use it for their own nefarious purposes. Typically, these criminals use such hijacked accounts to launch further scams designed to trick contacts of the victim into sending them money. Once they have gained access to the hijacked account, the scammers will then send emails to all of the people on the account's contact list. These emails will falsely claim that the account holder is in a very difficult situation and desperately needs financial assistance. Usually, such emails claim that the account holder is stranded in another country without money or travel documents due to a robbery or lost baggage. The following is a typical example of such a scam letter:
Subject: PLEASE URGENT Money NEEDED

Hello,

How are you doing ? I hope you are doing fine, I'm sorry that I didn't inform you about my traveling to England for a Seminar.I need a favor from you as soon as you receive this e-mail because I my wallet was stolen on my way to the hotel where my money, passport and other valuable things were kept. I will like you to assist me with a soft loan urgently. I will be needing the sum of $2,500 to sort-out my hotel bills and get myself back home.I will appreciate whatever you can afford to help me with, I will pay you back as soon as I return,I have trust on you,Please kindly let me know if you can be of help so I can send you my details to use when sending the money through Western Union Or Money Gram today, may god bless you and your family.

Any assistant you can offer will be greatly appreciated

regards [Name removed]
Because the message apparently comes from a person that the recipient knows, he or she may be more inclined to believe the story and send money as requested. Since the scam message originates from the victim's own account, it will have the his or her own name and email address in the sender field and may also include the his or her normal email signature.

Many people on the hijacked contact list will recognize the begging message as a scam because they are aware of such activities or because they know that the supposed sender is not travelling as claimed. However, even if only one or two people on the contact list fall for the ruse and send money as requested, the scammer will be well paid for his efforts. If a person does send money, the scammers may then attempt to trick him or her into sending further "emergency" loans. Of course, once they have gained as much money from their victim as possible, the criminals running the scam will simply disappear with the money.

Meanwhile, the original victim may not even be aware that his or her account has been hijacked, at least in the early stages of the scam. And, one of the first things they scammers will do when they have gained access to an account is to change the account's password, thereby locking the victim out of the compromised account. Thus, even after the victim realizes that the account has been hijacked, he or she may not be able to warn everyone on the contact list to watch out for scam messages sent from the compromised account.

Scammers have used similar tactics to steal account information from users of other popular email providers, including Yahoo, Hotmail and several others.

While some email service providers may have a policy of deactivating unused accounts, they certainly will not ask uses to "save" the account by replying with a username or password. Any message that asks you to send your email account username and password via an email is very likely to be a scam.



No comments:

Related Posts Plugin for WordPress, Blogger...