CERT mailing list archives

Current Activity - Gmail Phishing Attack

From: Current Activity <us-cert () us-cert gov>
Date: Thu, 2 Jun 2011 13:09:23 -0400
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

US-CERT Current Activity

Gmail Phishing Attack

Original release date: June 2, 2011 at 12:57 pm
Last revised: June 2, 2011 at 12:57 pm


US-CERT is aware of public reports of a phishing attack that
specifically targets US government and military officials' Gmail
accounts. The attack arrives via an email sent from a spoofed address
of an individual or agency known to the targeted user. The email
contains a "view download" link that leads to a fake Gmail login
page. The login information is then sent to an attacker. Google has
indicated that this phishing campaign has been disrupted and that
affected parties have been notified.

US-CERT encourages users and administrators to do the following to
help mitigate the risks:
  * Review the Google blog entry Ensuring your information is safe
    online.
  * Do not follow unsolicited web links or attachments in email
    messages.
  * Use caution when providing personal information online.
  * Verify the legitimacy of the email by contacting the organization
    directly through a trusted contact method.
  * Refer to the Recognizing and Avoiding Email Scams (pdf) document
    for more information on avoiding email scams.
  * Refer to the Avoiding Social Engineering and Phishing Attacks
    document for more information on social engineering attacks.
  * Refer to the Using Caution with Email Attachments document for
    more information on safely handling email attachments.

Relevant Url(s):
<http://www.us-cert.gov/cas/tips/ST04-014.html>

<http://www.us-cert.gov/reading_room/emailscams_0905.pdf>

<http://googleblog.blogspot.com/2011/06/ensuring-your-information-is-safe.html>

<http://www.us-cert.gov/cas/tips/ST04-010.html>

====
This entry is available at
http://www.us-cert.gov/current/index.html#gmail_phishing_attack

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iQEVAwUBTefDtT6pPKYJORa3AQKqHgf/crb/sf62+bBB0p08EaB0NYUo4XfPJQOO
/t4J81NzofF9prDcGm3Fzk3uEePokQ+L7bauJIJnfUvLDeGwHf0xYBUtGQEuWDyw
3xBTIUhPU6cAvGWWeE724UQn0GJAu6Wp2MXXOpqgO8s8KlPY3HU8a7l+gG+cAt20
15M6ui7mbPO/G+pNRLrXfSdat+uF0Q6XkwTwDUvdfwyCjDEmJmKacoYQh4GQHGTr
UciYLJY9VwvQdtaZEDPVLrIA8s9+P8OJhCw/2IPaGfXHtqFVGSZsPYbe1Brxy+7z
d20q1KkX/TOyZIC4InZpxOY2A8eJckfb315qbKY/Xv1qHt4rvOdGDg==
=DJjD
-----END PGP SIGNATURE-----
Current thread:

Current Activity - Gmail Phishing Attack Current Activity (Jun 02)