Phishing in Free Gmail E-mail Service
No online service is safe from phishers, including Gmail. Gmail’s web-based e-mail service may receive or be used to send phishing e-mails, if the bad guy can spoof gmail e-mail addresses. Learn how to identify phishing Gmail messages when you login to Gmail’s website or when retrieving the messages using an e-mail program.
Phishing Gmail Messages
A phished or spoofed Google or Gmail e-mail message has only one purpose: stealing your personal or financial information. The
sender will ask you to provide your login credentials, password or other personal information such as your social security number, mother’s maiden name, birthday, PIN code or birth location. When they have the information they need, the attacker will try to login as you and steal your money or identity.
Below is an example of a phishing Gmail message:
From: Gmail Security Team [email protected]
Subject: Secure Your Gmail Account
We have initiated verification on your email address.
Verifying your email address ensures that you can securely retrieve your account information if your password is lost or stolen. You must verify your email address before you can use it on Gmail services that require an email address.
To complete verification, click on the link below:
CLICK HERE TO SECURE YOUR GMAIL
For your security, please keep your email address information up-to-date.
© 2010 Google. All Rights Reserved
The email is not from Google or the Gmail Security Team but from phishers. The link as per Graham Cluley of Sophos will display a fake Gmail login webpage.
Hacked Gmail Accounts
Some legitimate Gmail accounts have been hacked a few months ago. The hacker sends out e-mails using these hacked Gmail account to the contacts of the victim, found in the address book. You will find the report in the Gmail support forums.
You should regularly change your password and if you receive a spam e-mail using your friend or contact’s email address, immediately advise your friend about the incident and suggest changing their password.
How to Prevent Becoming a Victim of Phishing on Gmail?
You must not click any links in unknown messages and never respond to phishing e-mails. Gmail Support or Security Team will never ask for your password, social security number or credit card information. You should immediately delete the message or report it to Google. To report a phishing Gmail message: Open the message > click down the arrow next to Reply > select Report Phishing.
Does Google Authenticate the Senders of Gmail E-mail?
Yes, Google will authenticate e-mails sent by Gmail account users. Gmail has added a security feature to its service by authenticating the sender of a Gmail account. On the Gmail website go to Email from your contact list in Gmail then click “show details to display the header.”
If the e-mail message’s header has been authenticated (signed and mailed by google.com), you will see this:
If you are retrieving your Gmail e-mails using Outlook, Thunderbird, Outlook Express, Windows Mail or another email program, you should check the ‘spf’ and ‘dkim’ with pass: