Barry Welford, one of the Cre8asiteforums moderators, has just alerted us to the following phishing scam that is targeting Google Account holders.
I have now twice within the last few days had a very authentic-looking Gmail message from Google that in fact is a phishing exploit. If you click on the google.com link you end up on the nautilusdiving.com domain but with a very authentic Gmail Welcome page that encourages you to enter your username and password. More details are here: http://otherbb.com/2009/07/latest-gmail-phishing-very-tough-to-spot-watch-out.html
Don’t be taken in.
Things to remember when receiving an email from ANYONE asking for account information:
- Does the company state in their terms that they will contact you by email? Many banks will not contact you by email.
- Double check the domain name that the link in the email leads to. It is very easy to trick someone into following a link. Here is an example: Use http://google.com for the best search experience! Who spotted our trick BEFORE clicking?
- If in any doubt, ignore the email, and go to the website in your usual favoured manner, and log in to your account. If there really is a change you need to approve etc. then this should be obvious once you have logged in.
- If in doubt, close the email and search for the problem. If it is a scam, then it is likely that someone has already reported it.
- If you are still not sure, then phone the company / visit their blog to request further information.
You can never be too careful, especially with your Google account if you use Google Checkout, or use it for your business etc. Google is exceptionally secure; however, if you give your password to someone, then no amount of security will protect you.