Credentials that protect Google accounts are highly valuable for cybercriminals because they are used to access a number of services. That’s probably why scammers have launched a new campaign that’s designed to steal usernames and passwords.According to Sophos experts, the emails bear the subject Account Verification and look something like this:
Dear Account User,
Thanks for updating your e-mail address with us.We changed your recovery e-mail address in our files to [fakeaddress]@hotmail.com.If this is correct, you can disregard this e-mail. If the new e-mail address is not correct or you did not request this change. Follow the instruction in updating your account http://accounts.google.com
However, Failure to do so may result in account suspension permanently.
Thanks for using Gmail!.
As usual, the threat that ends the email is designed to make the future victim comply with the request without giving it too much thought.
So once the link from the notification is clicked, the user is taken to a page that almost perfectly replicates a Google login webpage, hosted on a compromised domain.
After the internaut provides the account credentials, they are stored in a database controlled by the crooks that run the scam. At this point, they can utilize the username and the password not only to dupe the victim’s contacts and friends into clicking on cleverly crafted links, but also to send them distress emails in which they urgently request money.
Google has implemented many clever features to protect accounts and customers are recommended to put them to good use.
Two step authentication systems and strong passwords are always a great way to ensure that your account never falls into the wrong hands, but common sense can also help.
For instance, never trust so-called Google login pages that are hosted on other domains than the ones that are well known, such as gmail.com. Also, never click on links received in suspicious emails that are poorly written, even if they are signed by “Gmail!.”
Note. My Twitter account has been erroneously suspended. While this is sorted out, you can contact me via my author profile or follow me at @EduardKovacs1