Gmail phish
I got a Gmail phish today. Short version: they wanted me to fill in my account details, including my password, in order to avoid my Gmail account being deleted, and then reply with those details.
More details: all images were loaded from the Gmail server. The e-mail appears to have been sent through Gmail's servers, not from an outside server. Official-looking e-mail address.
So, why do I believe it’s a phish?
First of all, Gmail wouldn't need me to send them anything to confirm my account is active. I happen to be conversant with e-mail servers. Gmail will at any time know - if they need to find out - when I last logged into the server. That's part of mail server architecture. In the past, you could use a tool called "finger" to find out when someone else last logged into their mail account. A very useful tool, which unfortunately became a security risk when the internet took a nosedive into spam, commercialism and crime.
The e-mail had a “To” address that wasn’t my address. That’s inelegant, and wouldn’t be used for an e-mail sent to ALL accounts on a server.
Imagine the number of e-mails something like this would generate if it were legit. And to even consider using ONE e-mail address as the recipient for all the responses? Not feasible on this scale. Gmail would use a secure form on their own server. But wait, Gmail already knows my password... No human other than the account holder has any business knowing your password, as long as the server itself can handle you logging in and out, changing your password and recovering it if you lose it. When you know about server architecture, it's just so obvious that it's a phish.
Unfortunately, it probably seems legit to a large enough number of people that some criminal element decided it was worth the expense to do this.
Or, if I put on my tinfoil hat, maybe some criminal element decided to try to acquire the passwords of particular accounts? So guys, who else received this phish?
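The tells described above (a "To" header that is not my address, a demand for my password by reply, a threat of account deletion) can be checked mechanically. This is an added example, not code from the original post: it parses a constructed message with Python's standard `email` module and reports which of those indicators fire; the Reply-To comparison goes slightly beyond the post, covering the single collection address the post says replies would go to.

```python
import email
from email import policy
from email.utils import getaddresses

# Constructed sample resembling the message described in the post: an
# official-looking sender, a "To" that is not the recipient, and a demand
# to reply with a password under threat of deletion. All addresses invented.
PHISH_SAMPLE = """\
From: Gmail Team <account-team@gmail.com>
To: user-notification@gmail.com
Reply-To: verify.team.mail@gmail.com
Subject: ACCOUNT DELETION WARNING
Content-Type: text/plain

Your account will be DELETED unless you confirm it.
Reply with your username, password and date of birth.
"""

# Constructed benign notice for comparison: addressed to me, no credential request.
LEGIT_SAMPLE = """\
From: Account Notices <no-reply@example.com>
To: me@gmail.com
Subject: New sign-in
Content-Type: text/plain

A new sign-in was seen on your account. Review it in your account settings.
"""

CREDENTIAL_WORDS = ("password", "passcode", "pin")
THREAT_WORDS = ("deleted", "suspended", "closed", "deactivated")


def phish_indicators(raw, my_address):
    """Return the indicators from the post that fire on a raw RFC 822 message."""
    msg = email.message_from_string(raw, policy=policy.default)
    found = []
    recipients = [a.lower() for _, a in getaddresses(msg.get_all("To", []))]
    if my_address.lower() not in recipients:
        found.append("to-not-me")            # bulk notice not addressed to me
    sender = [a.lower() for _, a in getaddresses(msg.get_all("From", []))]
    reply_to = [a.lower() for _, a in getaddresses(msg.get_all("Reply-To", []))]
    if reply_to and reply_to != sender:
        found.append("reply-to-differs")     # replies routed to a collection address
    body = msg.get_body(preferencelist=("plain",)).get_content().lower()
    if any(w in body for w in CREDENTIAL_WORDS):
        found.append("asks-for-password")    # a provider never needs this by mail
    if any(w in body for w in THREAT_WORDS):
        found.append("deletion-threat")      # urgency lever
    return found
```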
November 13th, 2007 at 1:45 pm
Another clue about the "phishing" nature of this email is how it is practically shouting at you all the time: capital letters where they are not particularly appropriate, lots of unprofessional-looking changes of font and colours, and a couple of other linguistic oddities. Unfortunately, as you say, it probably seems legit to enough people to make it successful.