


If phishing is a new term to you, then please read this post. Wikipedia will tell you that “phishing is the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication.” Often it may look like a message from your bank, or it could be PayPal or eBay. The phisher does not know whether you really have an account, but tries everyone in the hope that some may fall for it.

Here is one of the best phishing exploits I have seen. I have now twice received a message apparently from Google within the past three days that read as follows:

When you click on the link, you see the familiar Google Gmail Welcome page.

Except that this is not the regular Google page. If you look up at the address field, you will find the URL is on the domain, .

Checking WhoIs for this page you will find that the administrative contact is the following person.

Undoubtedly if I had keyed in my Gmail username and password, that gentleman would have had access to my Gmail account and could do whatever he wished with it. Needless to say I immediately changed the password, in case he had already been there.

This is a particularly difficult one to spot, so it is important to be extra vigilant. Google has some good information about Messages asking for personal information. It also provides more detailed information about Suspicious results and strange behavior: Phishing attacks in other words.

You can forward such phishing Gmail messages to phishing@google.com and can send the phishing URL to the Google Phishing team using their Phishing Report. Google also provides a link to Stopbadware.org, where you can learn more about malware that can infect your computer.

Some phishing attacks are not too difficult to spot, often including spelling mistakes and somewhat curious links. This particular current Gmail phishing incident is highly professional, and the only clue is the URL shown in the address field after you click on the apparent Google link.
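The check described above (reading the domain in the address field rather than trusting how the page looks) can also be written down as code. The following is an added example, not part of the original post; the list of trusted domains and the sample links are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption for this example: the registrable domains a genuine Gmail
# sign-in page is served from. Adjust to the service you are checking.
TRUSTED_DOMAINS = {"google.com", "gmail.com"}


def host_of(url):
    """Return the lower-cased hostname the link really points at, or None."""
    try:
        host = urlsplit(url.strip()).hostname
    except ValueError:          # malformed authority, e.g. broken IPv6 brackets
        return None
    return host.rstrip(".").lower() if host else None


def is_trusted_login_url(url):
    """True only for https links whose host is a trusted domain or a subdomain of one."""
    try:
        scheme = urlsplit(url.strip()).scheme
    except ValueError:
        return False
    host = host_of(url)
    if scheme != "https" or host is None:
        return False
    # Match on a label boundary: "google.com" or "*.google.com", never
    # "google.com.example.net" or "notgoogle.com".
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)


# Constructed sample links (example.net stands in for an unrelated domain).
SAMPLES = [
    "https://mail.google.com/mail/",
    "https://accounts.google.com/ServiceLogin?service=mail",
    "http://mail.google.com/mail/",                      # not https
    "https://mail.google.com.example.net/mail/",         # trusted name used as a prefix
    "https://accounts.google.com@example.net/login",     # trusted name in the userinfo part
    "https://example.net/mail.google.com/ServiceLogin",  # trusted name in the path
    "https://notgoogle.com/",                            # suffix without a label boundary
]

if __name__ == "__main__":
    for link in SAMPLES:
        verdict = "ok     " if is_trusted_login_url(link) else "SUSPECT"
        print(verdict, host_of(link), link)
```

Only the hostname decides the verdict: a familiar name appearing before an `@`, as a leading label, or in the path does not change which site the link opens.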

Please spread the word rapidly. If you are on Twitter, then please ReTweet the message below.

Pl.RT: Important Alert: Latest Gmail phishing exploit is very tough to spot: http://su.pr/5SFqGS : pass it on.

Undoubtedly many people will be taken in.