Thursday, May 5, 2011

Alert! Fake Gmail Account Verification

A fake Gmail Account Verification email is going around. Please make sure you double-check before you enter your login details. Let's look at some simple steps you can use to identify whether an email is fake or genuine, and steps you can take in case you have already given out your username and password.

Creating a fake login page is one of the simplest and most effective ways of hacking a Gmail, MSN, Yahoo or any other email account password. It does not involve much programming or hacking knowledge. The attacker fools you in order to steal your username and password. I will show you how you can identify such fake emails and protect your username and password.

Let's have a quick look at a fake Gmail Account Verification email I have received.

At a glance, you will not find much difference. In particular, Gmail hides the sender's email address, so you will see only the sender's display name, the subject and the email body, which sounds like a genuine email from the Gmail team.

As soon as an email asks you to provide a username and password (for any account), bank account details or any other sensitive information, you should go through the following steps.

1. Check the sender's email address. Check whether it comes from a genuine domain name. If the email is from your bank, the email address needs to be from the bank's website domain or a related domain name. In this example, the email came from a domain name which is not related to Google or Gmail. This email is definitely fake and you do not even need to check further. However, do not forget that there are ways to change the sender's email address as well. In this case the attacker was not intelligent enough to change the email address.

2. If the sender's email address seems to be OK, then move on to the links provided in the email body. Normally the attacker would direct you to a website or ask you to reply to the email. In this scenario, they have given a link. It looks like it is from Google, but once it is clicked it actually goes to a different domain name, which is not Gmail. So, do not type your username and password.

In case they have asked you to reply to the email, you can check the reply-to address. It is hard to fake the reply-to address, because they want you to send the login details to one of their accounts.

3. Thirdly, you can check the website they have provided and find the differences. However, that might not be a good idea. Anyway, the first thing I noticed is that even though I was logged into Gmail, clicking on the link did not log me in automatically.

Finally, make sure you do not send usernames, passwords, bank account details or any personal details to strangers.
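The sender, reply-to and link checks from steps 1 and 2 can also be run automatically over a raw message. The following Python sketch is an added example, not part of the original post: the trusted-domain list, the function names and the sample message are assumptions constructed for illustration, and it handles only a single-part HTML body.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED = ("google.com", "gmail.com")  # assumption: domains accepted as genuine
def in_trusted(host):
    return any(host == d or (host or "").endswith("." + d) for d in TRUSTED)

class LinkCollector(HTMLParser):  # collects [href, visible text] for each <a>
    def __init__(self):
        super().__init__()
        self.links, self.in_a = [], False
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links.append([dict(attrs).get("href") or "", ""])
            self.in_a = True
    def handle_data(self, data):
        if self.in_a:
            self.links[-1][1] += data
    def handle_endtag(self, tag):
        if tag == "a":
            self.in_a = False

def check_message(raw):
    msg, findings = message_from_string(raw), []
    # Step 1: the real sender address, not the display name (still spoofable).
    from_dom = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if not in_trusted(from_dom):
        findings.append(f"sender domain not trusted: {from_dom}")
    # Replies should not be routed to a different domain than the sender's.
    reply_dom = parseaddr(msg.get("Reply-To", ""))[1].rpartition("@")[2].lower()
    if reply_dom and reply_dom != from_dom:
        findings.append(f"Reply-To goes elsewhere: {reply_dom}")
    # Step 2: compare what each link shows with where it actually points.
    parser = LinkCollector()
    parser.feed(msg.get_payload())
    for href, text in parser.links:
        host = urlparse(href).hostname
        if not in_trusted(host):
            findings.append(f"link '{text.strip()}' really goes to {host}")
    return findings

SAMPLE = (  # constructed message, not the email from the post
    'From: "Gmail Team" <verify@mail-check.example>\n'
    'Reply-To: accounts@collector.example\n'
    'Subject: Gmail Account Verification\n\n'
    '<a href="http://login.mail-check.example/ServiceLogin">https://mail.google.com/</a>\n'
)
```

Calling `check_message(SAMPLE)` returns three findings, one per check. An empty list only means none of these checks fired, since the sender address itself can be forged.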