Commtouch Labs alerted me today to a very convincing Gmail phishing scam. The scam was so convincing, that I had to open the REAL Gmail log-in page and flip back and forth to compare the inconsistencies.
Check it out…
This is the fake Gmail log-in page, built to trick people into entering their username and password.
Once entered, the victim’s personal information becomes part of a database of usernames and passwords, giving cybercriminals direct access to personal information.
The REAL Gmail log-in page looks like this:
The red arrows point out the differences in the phony and legitimate login pages. Unknowing visitors may not notice such subtle differences and may not think to check the address bar for the Gmail URL before entering their information.
This phishing scam is hosted by a well-known hosting company. While the domain name is legitimate, the sub-domain leads us to this phishing site. This tactic increases the importance for advanced URL filtering solutions to include the deepest level of categorization. Many standard URL filtering solutions, like those that use local databases of a limited size and rely on periodic updates, categorize to the domain level — in this case a hosting site. Since Commtouch URL filtering is based on a data-cloud solution, it has the ability to categorize on a more granular level, enabling us to have caught such a threat in real time.
Download this white paper for more information about Data-Cloud URL filtering.