15 replies to this topic

[varalu]

For the past 2 days i have been receiving mails (3 mails till now) from my known contacts having subject "New Gmail interface 2009" and having a link that directs me to http://gmail.elementfx.com/index.html, which is very similar to Gmail home page. Once the user name and password are entered, it passes it insecurely.

i have also attached a screenshot of the site.

Please look into it.

More info:
I believe the mail originated from prayagbin86@gmail.com.

I have also made a post on it in my blog here - http://varalu.blogsp...-interface.html

 gmail_fake.jpg   140.35K   21 downloads

Regards,
Varalu.

[pencke]

Now that is deceptive.
I can tell from the URL that the domain is not actually gMail.com or googglemail.com

The actual URL should be https://mail.google.com/ and the one showing is http://gmail.elementfx.com/index.html

I notice on the actual mail.google.com site the below statement is present:

Lots of space
Over 6585.039488 megabytes (and counting) of free storage so you'll never need to delete another message.

While the false page at gmail.elementfx.com states:

Don't throw anything away.
Over 2730 megabytes (and counting) of free storage so you'll never need to delete another message.

I wonder what anyone is gaining by creating this false page?

[rvalkass]

They have copied an old version of the GMail page and set it up as their own. When you enter any details, they are forwarded to the owners of the site, then the page redirects you to the real GMail homepage.

What they gain is thousands of GMail addresses and passwords. As most people don't seem to understand security, they will have used the same password for their GMail account as well as lots of other sites. Your email address and password would get them into a lot of sites! Directly, they gain your GMail details. Indirectly, potential access to all your accounts on shopping websites, and from that, your bank details.

There was another similar thing going on with the G-Archiver software to back up your GMail account. Take a look at this post by Jeff Atwood.

[gaspe86]

Wow, I guess the if one is in a hurry one can fall for it, but it is always important to remember that the GMail homepage url always appears as https://www.google.com in the address bar. Much damage can be done if one is careless enough to fall for it.

[hitmanblood]

I have checked this page and I don't know if anyone has noticed this or not, this site uses next.php file and it is called from the form when you click on the submit button and then probably saves all data in some mysql base and then reroutes you to the real gmail page. However I would like to point out that you should be careful that you delete cookies because there are ways to steal them especially if you are opening sites like this.

Well this was really nice work for you to find it. On the other hand if you consider how many users will in fact click on that link and submit form then you can imagine how many people will have their privacy harmed and endangered. This is real issue and there ought to be more legalization on this subject.

And one thing I would like to mention is that for any user that is not experienced enough to work off such things they should use some addons for phishing sites, this can save them a lot of trouble.

[galexcd]

This is why bank of america has a sitekey. I think its a great security feature. Basically when you want to login, you can only the username field is visible, and if you are logging into a computer you haven't logged into before it asks you a series of security questions and then displays your sitekey and a password field, and your sitekey is unique to your account. This way if you don't see your sitekey, you don't login. Now that may seem a bit too much effort for gmail to do this, but you could have an option where you want to use a sitekey.

[EngrJayze]

this is definitely a phishing site.. it's only purpose is to illegally get your gmail account.. i wonder why it's still up until now and haven't been reported to google for them to take immediate actions to bring this down..

[apurva]

this is phishing site. someone wants to crack your gmail account and thus has sent you the fake url.
its like they will create fake login page. which will look similar to the original site.

once you enter your login details your details will be forwarded to their email. so dont fall in all this.

[nirmaldaniel]

Yeah like this once i have recived a fake orkut LINK , and i really could not find the diffrence between the original one and the fake one.

But the best way is whenever you have doubt on some Login pages like this you just type some user name and a junk password and give sign in.

Then meanwhile see the status bar of the web browser , it will indicate the path , if you find any annonimus redirection such as freeform mailer etc. to which your page is getting directed you can be sure that it is a fake one.

There are many Phishing websites like this and we must be careful about these Phishing sites because you dont know where your details are getting transferred.

[EngrJayze]

lately i reported this using 'Report Web Forgery...' feature of Firefox and they took it seriously.. that feature is supported and operated by google..firefox shows a 'Reported Web Forgery!' page to me to prevent me from accessing it..

try to visit it now but you won't be able to if you use firefox

one phising site down again for greater web security

PHISHER: 0 | GOOGLE: 1

Edited by EngrJayze, 12 April 2008 - 09:25 AM.