Debunking email hoaxes and exposing Internet scams since 2003!

Hoax-Slayer Logo Hoax-Slayer Logo

DividerDivider
Home    About    New Articles    RSS Feed    Subscriptions    Contact
DividerDivider


Site Navigation










Gmail Account Phishing Scam

Outline
Emails, purporting to be from Gmail, claims that recipients will lose their Gmail accounts if they do not reply with account usernames and passwords and other personal information within a specified time frame.



Brief Analysis
The messages are not from Google. They are phishing scams designed to steal Gmail account login details. If recipients reply with the requested information, Internet scammers can then hijack their Gmail accounts and use them for further criminal activities.

Bookmark and Share
Detailed analysis and references below example.

Enter your email address to subscribe to the Hoax-Slayer Newsletter:




Scroll down to submit comments
Last updated: 16th July 2011
First published: 14th April 2010
Article written by Brett M. Christensen
About Brett Christensen and Hoax-Slayer


Examples
Subject: GMAIL ACTIVE [#783253745]

At Google, we take your privacy and security seriously. Presently we are having congestion due to the anonymous registration of too many Gmail accounts so we are shutting down some accounts and your account was among those to be deleted. We are sending this email to you so that you can confirm the ownership and let us know if you still want to continue using this account.

Gmail need you to verify your account details ASAP .

Do you use Gmail with this account ?* Yes No :
Do you use orkut with this Google Account ?* Yes No :
Do you use Blogger with this Google Account ?* Yes No :

Most Importantly The Details below is needed :

* Full Name * :
* Email ID * :
* Password * :
* Year Registered * :
* Country * :
Account Owners who refuse to Participate in the Verification process after receiving this message will lose his/her Account within 48hours Automatically.

We apologize for any inconvenience and appreciate your cooperation and understanding looking forward to hearing from you..

Sincerely,
The Google Account Verification Team


From: Gmail Support
Subject: Your Gmail Account


Due to the congestion in our Gmail servers,there would be removal of all unused Gmail Accounts.You will have to confirm if your E-mail is still active by filling out your login info below after clicking the reply button, or your account will be suspended within 24 hours for security reasons.

Account name:
Password:
DOB:
Country :

Warning!!! Account owner that refuses to update his or her account within Seven days of receiving this warning will lose his or her account permanently.
Thank you for using Gmail !

The Gmail Team




Detailed Analysis
These emails, which claim to be from "The Google Account Verification Team" or the "The Gmail Team" warn recipients that their Gmail accounts will be suspended for security reasons unless they confirm that the accounts are still active. The messages further warn that the account will be permanently deleted if requested details are not received within a specified time frame. The recipients are instructed to reply with their Gmail usernames and passwords along with their date of birth, country of residence and other personal details.

However, the emails are certainly not from Google and the claim that the recipient's Gmail account is about to be suspended is untrue. In fact, the messages are phishing scams designed to trick Gmail users into sending their account details to Internet criminals.

The first example above was submitted in July 2011, while the second was submitted back in May 2010. In fact, many other very similar Gmail related scam emails have been distributed over the last several years.

If a recipient falls for the trick and sends the requested details, the criminals behind the scam will then be able to hijack their victim's Gmail account and use it for their own nefarious purposes. Typically, these criminals use such hijacked accounts to launch further scams designed to trick contacts of the victim into sending them money. Once they have gained access to the hijacked account, the scammers will then send emails to all of the people on the account's contact list. These emails will falsely claim that the account holder is in a very difficult situation and desperately needs financial assistance. Usually, such emails claim that the account holder is stranded in another country without money or travel documents due to a robbery or lost baggage. The following is a typical example of such a scam letter:
Subject: PLEASE URGENT Money NEEDED

Hello,

How are you doing ? I hope you are doing fine, I'm sorry that I didn't inform you about my traveling to England for a Seminar.I need a favor from you as soon as you receive this e-mail because I my wallet was stolen on my way to the hotel where my money, passport and other valuable things were kept. I will like you to assist me with a soft loan urgently. I will be needing the sum of $2,500 to sort-out my hotel bills and get myself back home.I will appreciate whatever you can afford to help me with, I will pay you back as soon as I return,I have trust on you,Please kindly let me know if you can be of help so I can send you my details to use when sending the money through Western Union Or Money Gram today, may god bless you and your family.

Any assistant you can offer will be greatly appreciated

regards [Name removed]
Because the message apparently comes from a person that the recipient knows, he or she may be more inclined to believe the story and send money as requested. Since the scam message originates from the victim's own account, it will have his or her own name and email address in the sender field and may also include his or her normal email signature.

Many people on the hijacked contact list will recognize the begging message as a scam because they are aware of such activities or because they know that the supposed sender is not travelling as claimed. However, even if only one or two people on the contact list fall for the ruse and send money as requested, the scammer will be well paid for his efforts. If a person does send money, the scammers may then attempt to trick him or her into sending further "emergency" loans. Of course, once they have gained as much money from their victim as possible, the criminals running the scam will simply disappear with the money.

Meanwhile, the original victim may not even be aware that his or her account has been hijacked, at least in the early stages of the scam. And, one of the first things the scammers will do when they have gained access to an account is to change the account's password, thereby locking the victim out of the compromised account. Thus, even after the victim realizes that the account has been hijacked, he or she may not be able to warn everyone on the contact list to watch out for scam messages sent from the compromised account.

Scammers have used similar tactics to steal account information from users of other popular email providers, including Yahoo, Hotmail and several others.

While some email service providers may have a policy of deactivating unused accounts, they certainly will not ask users to "save" the account by replying with a username or password. Any message that asks you to send your email account username and password via an email is very likely to be a scam.

Bookmark and Share

comments powered by Disqus

References
Friend Stranded in Foreign Country Scam Emails
Yahoo Account Phishing Scam Email
Hotmail Account Closure Phishing Scam
Webmail Account Phishing Scam

Last updated: 16th July 2011
First published: 14th April 2010
Article written by Brett M. Christensen
About Brett Christensen and Hoax-Slayer