Viruses were small files that were attached to files on a floppy disk that spread by people passing infected disks back and forth.  Not really a big threat to the average computer user, we just had to be cautious about scanning any type of floppy disk that came our way.

Wow, lots has changed since those days…

I received an email today from my colleagues at CRN Canada about a brand new type of cyber threat to hit the social networking circles.  Yes, now the popular pastime for many is now being targeted.  CRN informed me this morning about a Facebook password scam making its way around the Internet.

Social Networking Services are an obvious and very attractive avenue for password scams, phishing sites and other malicious activities which our out there just like the old virus on the floppy was, to disrupt life for the unsuspecting computer user out there.  However, these malicious and “pain in the butt” activities are now out there to steal our personal and perhaps corporate information.

Important reminder about password requests via the Internet

If or when you get an email from Facebook, Twitter, LinkedIn or any other social media service or website in general asking you about your password…Don’t follow the instructions. Legit companies of any shape or size would never send you an email asking you information about your password or requesting you follow some sort of instructions about changing your password.

These types of scams are nothing new and they have been around for a while.  So all you security freaks out there, don’t go running around saying social networking is bad (the same thing happened to a number of industries out there).

I am sure the banking industry is thankful for social media because the pressure and the focus may be off them for a while.

Read more about the Facebook Password Reset Scam.

When you click on the link, then you see the familiar Google Gmail Welcome page. 

Except that this is not the regular Google page.  If you look up at the address field, you will find the URL is on the domain, .

Checking WhoIs for this page you will find that the administrative contact is the following person.

Undoubtedly if I had keyed in my Gmail username and password, that gentleman would have had access to my Gmail account and could do whatever he wished with it.  Needless to say I immediately changed the password, in case he had already been there.

This is a particularly difficult one to spot, so it is important to be extra vigilant.  Google has some good information about Messages asking for personal information.  It also provides more detailed information about Suspicious results and strange behavior: Phishing attacks in other words.

You can forward such phishing Gmail messages to phishing@google.com and can send the Phishing URL to the Google Phishing team using their Phishing Report.  Google also provides a link to Stopbadware.org, where you can learn more about malware that can infect your computer.

Some phishing attacks are not too difficult to spot, often including spelling mistakes and somewhat curious links.  This particular current Gmail phishing incident is highly professional and the only clue is that URL address when you click on the apparent Google link. 

Please spread the word rapidly.  If you are on Twitter, then please ReTweet the message below.

Undoubtedly many people will be taken in.

Related Posts

• June 22, 2009 — A URL Shortener For Maximum RTs (ReTweets) (3)
• April 16, 2009 — Are You On Google? (4)
• March 20, 2009 — Zoomit For Proud Canadians (1)
• March 9, 2009 — Since Google Is In Mountain View, CA, Is It A Guru? (0)
• March 6, 2009 — Google Is Killing Its Golden Goose (11)

Post from: The Other Blokes Blog

Latest Gmail Phishing Very Tough To Spot – Watch Out