baguznet’s blog

Howdy All,

I just would like to let all of you know that there are attacks to Gmail users by sending a pishing email, claiming that the email is sent by Google. I share with you the content of the email that I received below. PLEASE DO NOT CLICK ON THE LINK GIVEN BELOW!!!

Dear members

Your account has been randomly flagged in our system as a part of our routine security measures. This is a must to ensure that only you have acces and use of your Gmail and to ensure a safe Gmail experience. We require all flagged accounts to verify their information on file with us. This is the right link for update account page After you verify your information, your account shall be returned to good standing and you will continue to have full use of your account. Please note that if you don’t verify your ownership of account
in 2 x 24 hours we will block/ susspend your Gmail.

Thanks,

The Gmail Team

OK. How could I know it is not from Google? Very easy actually. First thing is I did not immediately click on the link provided, in fact, I just point the cursor on it and check what is the actual URL for the said link. And it is pointed to a domain us-gmail.com (you can see, it is not as the usual domain - gmail.com). Now, lets see the original message (Gmail has this feature, to view the original message. Using this you can see the detail for every section defined - header, body and footer.

Delivered-To: baguznet.com@gmail.com
Received: by 10.114.134.3 with SMTP id h3cs46696wad;
Thu, 6 Mar 2008 11:11:20 -0800 (PST)
Received: by 10.78.201.8 with SMTP id y8mr527386huf.18.1204830677972;
Thu, 06 Mar 2008 11:11:17 -0800 (PST)
Return-Path: <zeus@saturn.nswebhost.com>
Received: from saturn.nswebhost.com (saturn.nswebhost.com [66.246.72.132])
by mx.google.com with ESMTP id g11si4460827gve.6.2008.03.06.11.11.16;
Thu, 06 Mar 2008 11:11:17 -0800 (PST)
Received-SPF: pass (google.com: domain of zeus@saturn.nswebhost.com designates 66.246.72.132 as permitted sender) client-ip=66.246.72.132;
Authentication-Results: mx.google.com; spf=pass (google.com: domain of zeus@saturn.nswebhost.com designates 66.246.72.132 as permitted sender) smtp.mail=zeus@saturn.nswebhost.com
Received: from zeus by saturn.nswebhost.com with local (Exim 4.68)
(envelope-from <zeus@saturn.nswebhost.com>)
id 1JXLMU-00077n-94
for baguznet.com@gmail.com; Thu, 06 Mar 2008 13:02:38 -0600
To: baguznet.com@gmail.com
Subject: Gmail is different. Here’s Our New Security Protector Please Update.
X-PHP-Script: zeusbiz.com/ok.php for 202.152.243.162
From: Gmail Team <Gmail Team <mail-noreply@google.com>>
Reply-To:
MIME-Version: 1.0
Content-Type: text/html
Content-Transfer-Encoding: 8bit
Message-Id: <E1JXLMU-00077n-94@saturn.nswebhost.com>
Date: Thu, 06 Mar 2008 13:02:38 -0600
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - saturn.nswebhost.com
X-AntiAbuse: Original Domain - gmail.com
X-AntiAbuse: Originator/Caller UID/GID - [33405 1906] / [47 12]
X-AntiAbuse: Sender Address Domain - saturn.nswebhost.com

<!DOCTYPE html PUBLIC “-//W3C//DTD XHTML 1.0 Transitional//EN” “http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd”>
<html xmlns=”http://www.w3.org/1999/xhtml”>
<head>
<meta http-equiv=”Content-Type” content=”text/html; charset=iso-8859-1″ />
<title>Untitled Document</title>
</head>

<body>
<p>Dear members</p>
<p>Your account has been randomly flagged in our system as a part of our routine <br />
security measures. This is a must to ensure that only you have acces and use <br />
of your Gmail and to ensure a safe Gmail experience. We require all <br />
flagged accounts to verify their information on file with us. This is the right <br />
link for <a href=”http://secure.us-gmail.com/”><strong>update account </strong></a>page After you verify your information, your account <br />
shall be returned to good standing and you will continue to have full use of <br />
your account.Please note that if you don’t verify your ownership of account <br />
in 2 x 24 hours we will block/ susspend your Gmail. </p>
<p>Thanks,</p>
<p>The Gmail Team </p>
</body>
</html>

Please look at the quote that I have bold. It indicates that the email is not originating from Google or Gmail team, instead it is a fake email from someone claiming to be from Gmail, or what we call as Pishing Email. The main reason of this is to steal your login information and hijack your account.

So, please be careful when ever you received an email claimed as from Google. DO NOT simply click on the link provided, have a check first, verify the message and confirm it before you take any further action.

Tags: Gmail

This entry was posted on Friday, March 7th, 2008 at 09:55 and is filed under Alert / SCAM / Hoax, Internet, Technology. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.