Users of Gmail, Google’s email, are victims of phishing attempts

Gmail users are not safe from phishing. Indeed, the e-mail platform of Google is also the prey of a phishing attempt, unfortunately quite well orchestrated.

To understand this phishing on Gmail users, let’s begin by reminding what phishing is. Who has never received an e-mail indicating a refund due to an overpayment? Or a mail from a bank requiring you to enter your password as part of an audit procedure?

The crooks send thousands of e-mails like these, pretending to be an official entity (Bank, Microsoft, Apple, …). Their goal is that a victim believes this and discloses personal information (Credit card number, password, …). This scam on the internet is what is called phishing.

  • Phishing applied to Gmail

In the case of Gmail, the phishing attempt looks a bit different. The method is about sending a message to the person to be trapped. For more efficiency, scammers used a corrupted account belonging to a legitimate owner known by the potential victim.

Gmail login

This mail invites the recipient to open a document stored on “Google drive”, the cloud storage service of the Internet giant. This service is pretty well known to familiar Gmail users. But after having clicked on the link, the Gmail login page appears of instead of the expected document.

Surprised, the person thinks he / she has been disconnected and then enter again his email address and password. Unfortunately, this is where the fraud takes place. It was not an untimely disconnection but a misleading page displayed by the crooks after having clicked on the request to access Google Drive.

  • Skilled users were trapped

The scammers have now recovered the login / password and then rapidly access the victim’s mailbox. They check e-mails for sensitive data. They also take advantage of this access by stealing the address book of the victim. The scammers can then reproduce the process of such phishing attempt.

This phishing attempt targeting Gmail accounts is subtle and many skilled users get caught. A more discrete visible element of this fraud attempt is the URL used. This is different from the normal address: https://mail.google.com. But scammers know that we don’t always pay attention to the content of the bar at the top of the internet browsers.

Be vigilant Gmail users! And pay attention especially if one of your contacts invite you to view a document on Google drive.

The crudest scams are more effective

A Microsoft researcher has recently published a study on scams attempts by emails : the most outlandish stories are more effective and produce better results!

The bigger, the better it works! One could say that this is the conclusion in one sentence of the study made by Cormac Herley. This study, very mathematical, says that e-mails written in broken English and looking obviously to a scam are yet more effective.

money effective trapIf scammers refine their e-mail traps by taking care of spelling and reporting a less complicated story, they probably would affect more people in the first phase. But the work that awaits them would be increased tenfold, so that ultimately many attempts will revealed to be unsuccessful because the persons receiving these e-mails would have guessed the scam meanwhile.

With stories riddled with spelling mistakes and promising incredible heritage or huge gains in a lottery on the internet, scammers receive little answers, but those answers are more likely to lead to a scam. In this way, they avoid having to deal with many answers and can focus their efforts on the curious people who answered.

Scammers do not have time to waste and efficiency is a desirable goal! Only the most interested internet users respond to these emails. For a crook, an Internet user who answers has already one foot into the scam. Scammers have “only” to conclude the scam with some well-crafted speech, and this is domain where they are the masters.

Again, we have been saying it on our site for a long time, inheritances coming from unknown person or Internet lottery winnings are scams! Never send money to someone you met on the net, whether it is to help or to advance expenses, these are scams!

Winter sales : Avoid scams on the internet

Winter sales are about to start. But beware of scams.

Winter sales are a good time to do business online ! But be careful and do not fall into the trap of fake websites spoofing the name of big brands. What you think is a saving of money could appear to be waste of money in a scam.

On the net, there are many fake e-commerce sites. Those are created by fraudsters for the sole purpose to cash a payment from you. In order to achieve this goal, they offer goods at very attractive prices. But after having placed your order, you will not receive anything or, in the “best” case, a low-end product that has nothing to do with your order…

winter salesOne of the usual ways to spot an e-commerce is the excessive amount of discounts it offers. But as the sales period begins, detecting a fake website will be tough because even official webstores offer discounts. It means that everyone must be more vigilant than ever.

But hope is not lost. There are other simple ways to doubt about the seriousness of an e-commerce site during winter sales: If the website is riddled with spelling mistakes or weird sentences, there is little chance that this is an official website. So do not order on it.

If the site title contains the words “cheap”, “discount” or even “clearance”, there is a good chance that this is a scam. Flee such websites.

Among the brands whose products are offered by many scammers, can be found : Abercrombie, Ralph Lauren, Moncler, Louis Vitton, Louboutin, Nike ….