A slightly different topic this time…
I am writing this post half in appreciation of a brilliant work of phishing email from someone out there… and the other half to help someone who could fall victim to this malicious intent from that same person(s)!
I got a mail in my Gmail account yesterday, asking me to verify my Gmail account:
Note that the from email ID is a bit of a giveaway for careful eyes:
it says “gooqle” and is not from “google.com”.
But how many normal Gmail users will notice those?
When I clicked on the link to sign in for verification, I got the following screen (looks quite authentic, doesn’t it?):
Hardly anything suspicious here…
But I happened to notice (lucky me!) the full URL here, which was like:
Notice the URL with an IP address rather than a proper domain! Again, very easy to miss…
At this stage, I was convinced this was a phishing attempt. But I decided to play along. I entered my Google ID with a wrong password. Obviously, the phishing system can’t recognize that… So it passed me to the next page:
And see what they are asking for:
Your phone number or recovery email!
I decided to play along – just typed a random 10-digit number into the phone details and pressed continue:
It gave me this page, before transferring to the “actual” gmail login page:
What it says in reality is:
“Your account is updated into our “hacked” accounts list” :-)
This has to be one of the best-crafted phishing attempts I have come across. A recipient of this email can very easily fall prey to this attempt – and I hope this post helps as a protection.
Please feel free to share with people known to you!
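
The two giveaways described above (a sender domain that is one letter off from the real one, and a sign-in link that points at an IP address instead of a domain) can also be checked automatically. The following is an added example, not part of the original email or post; the sample sender address, the sample link, the trusted-domain list and the function names are all constructed for illustration.

```python
import ipaddress
from email.utils import parseaddr
from urllib.parse import urlsplit

# Assumption: the domains the recipient expects Google mail to come from.
TRUSTED_DOMAINS = {"google.com", "gmail.com"}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def sender_findings(from_header: str) -> list[str]:
    """Flag a sender domain that is within two edits of a trusted domain."""
    domain = parseaddr(from_header)[1].rpartition("@")[2].lower()
    if domain in TRUSTED_DOMAINS:
        return []
    return [f"sender domain {domain!r} imitates {t!r}"
            for t in sorted(TRUSTED_DOMAINS) if 0 < edit_distance(domain, t) <= 2]


def link_findings(url: str) -> list[str]:
    """Flag a link whose host is a raw IP address instead of a domain name."""
    host = urlsplit(url).hostname or ""
    try:
        ipaddress.ip_address(host)
    except ValueError:
        return []  # host is a name, not an IP literal
    return [f"link host {host!r} is an IP address, not a domain"]


# Constructed sample values, not taken from the email in the post.
SAMPLE_FROM = "Gmail Team <no-reply@gooqle.com>"
SAMPLE_LINK = "http://203.0.113.10/accounts/ServiceLogin"  # documentation-range IP

if __name__ == "__main__":
    for finding in sender_findings(SAMPLE_FROM) + link_findings(SAMPLE_LINK):
        print("WARNING:", finding)
```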