The phishing site almost perfectly replicates the genuine log-in page

Dec 11, 2012 20:41 GMT

Another phishing scam that relies on the old “account update” theme is currently making the rounds, attempting to trick Gmail users into handing over their usernames and passwords.

“As part of our security measures, we regularly update all accounts on our database system. We are unable to update your email account and therefore we will be closing your email accounts to enable the web upgrade,” the bogus notifications read.

“You have been sent this invitation because our records indicate you are currently a user whose account has not been activated. We are therefore you sending this email so you can inform us whether you still want to use this account.”

Recipients are warned that if they refuse to update their accounts, they might lose access permanently.

The folks from Hoax Slayer reveal that users who click on the links contained in the email are taken to a site that almost perfectly replicates the Gmail sign-in page.

Once they provide their usernames and passwords, victims are presented with a second phishing page on which they’re requested to enter their phone numbers, which are allegedly needed for verification purposes.

In the final part of the scheme, users are asked to provide an alternate email address.

Cybercriminals are leveraging the fact that it’s easy for users to click on a link and log in to their Gmail accounts. This is why it’s important for users to be suspicious of any notification that claims to come from Gmail, Facebook or any other popular website.

If this scam sounds familiar to you and you’ve just realized that you’re a victim, be sure to immediately change the password of your Gmail account, along with the passwords of any other accounts that share the same credentials.