Debunking email hoaxes and exposing Internet scams since 2003!


Issue 145 - December 2012 (2nd Edition) - Page 6

Gmail 'Update Account' Phishing Scam


Outline
Email purporting to be from webmail provider Gmail claims that recipients must click a link to verify their accounts and update information or risk having the accounts permanently deleted.



Brief Analysis
The message is not from Gmail and the claim that users will lose their accounts if they do not verify their information is a lie. The email is a phishing scam designed to steal login information for Gmail and other webmail accounts as well as trick victims into divulging their phone numbers to Internet criminals.

Last updated: December 11, 2012
First published: December 11, 2012
Article written by Brett M. Christensen


Example
Dear Gmail User,

As part of our security measures, we regularly update all accounts on our database system. We are
unable to update your email account and therefore we will be closing your email accounts to enable the
web upgrade.

You have been sent this invitation because our records indicate you are currently a user whose account
has not been activated. We are therefore you sending this email so you can inform us whether you still
want to use this account. If you are still interested please confirm your account by updating your details
immediately because out system requires an account verification for the update.

To prevent an interruption with your Gmail services, please take a few moments to update your account
by filling out the verification and update form immediately.

Click here to verify your account

Warning! Any account owner that refuses to update their account after receiving this email will lose their account
permanently.

We appreciate your cooperation in this matter.

Sincerely
Gmail Member Services Team
© 2012 Gmail Inc. All Rights Reserved.


[Image: Gmail Account Update Phishing Scam]





Detailed Analysis
According to this email, which purports to be from Google's webmail service, Gmail, account holders are required to update their account details by clicking a link and filling in a verification form. Otherwise, claims the message, the users will find that their Gmail accounts are permanently deleted. The message comes complete with a Gmail logo and copyright notice.

However, the email is certainly not from Gmail. And users will not lose their accounts if they fail to follow the link and update their details. Users who fall for the ruse and click the link will be taken to the following bogus Gmail login page, which has been constructed so that it closely emulates a real Gmail page:

[Image: Fake Gmail Login]

After providing their login details, victims will then be taken to another bogus page that asks them to provide their phone numbers:

[Image: Fake Gmail Phone Number request]

Next, victims will be taken to yet another bogus page and asked to provide login details for any alternative email addresses they may have:

[Image: Bogus request for email login]

After providing all the requested details, users will be automatically redirected to the real Gmail website. Alas, all of the information they have provided will end up in the hands of online criminals who will use it to hijack the real webmail accounts belonging to their victims. The compromised accounts can then be used to launch more spam and scam campaigns in the name of the victims. The scammers may also use the stolen phone numbers for further nefarious activities.

Email account phishing attacks like this one are very common and take many forms. Be very wary of any unsolicited email that claims that you must follow a link or reply to provide login information and other personal information. Legitimate email service providers will not ask users to provide such information via a generic email message. If you receive such a message, do not click on any links or open any attachments that it may contain. Do not reply to the message. Always log in to your online email service by entering the account address into your browser's address bar rather than by clicking a link in an email.
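For readers who filter mail, the traits of the message above can be checked mechanically. The following is an added example, not code from Hoax-Slayer: the indicator names, the BRAND_HOSTS list and the link host in the sample are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: hosts the real service uses. Matched as a domain suffix, never as a substring.
BRAND_HOSTS = ("google.com", "gmail.com")

class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from an HTML email body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, " ".join("".join(self._text).split())))
            self._href = None

def on_brand(host):
    host = (host or "").lower().rstrip(".")
    return any(host == b or host.endswith("." + b) for b in BRAND_HOSTS)

def indicators(html_body):
    """Return the sorted list of phishing indicators found in one message."""
    parser = LinkCollector()
    parser.feed(html_body)
    text = re.sub(r"<[^>]+>", " ", html_body)
    found = set()
    if re.search(r"\bdear\s+\w+\s+(user|customer|member)\b", text, re.I):
        found.add("generic_greeting")
    if re.search(r"\b(lose|clos\w+|delet\w+)\b[^.]{0,60}\baccounts?\b", text, re.I):
        found.add("account_loss_threat")
    for href, label in parser.links:
        url = urlsplit(href)
        if url.scheme in ("http", "https") and not on_brand(url.hostname):
            found.add("off_brand_link")
        if re.fullmatch(r"click here\b.*", label, re.I):
            found.add("generic_link_text")
    return sorted(found)

# Constructed sample: wording taken from the email quoted above; the link host is a placeholder.
SAMPLE = """<p>Dear Gmail User,</p>
<p>We will be closing your email accounts to enable the web upgrade.</p>
<p><a href="http://gmail.verify-update.example/form">Click here to verify your account</a></p>"""
```

The placeholder host begins with "gmail." yet is still flagged, because only the registered domain at the end of the hostname says who controls the page.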
