This morning I recieved email that was signed as Gmail Team and that was saying:
Re: Due to recent upgrade in our database, we are terminating all unverified accounts permanently. Reply and give the information below:Username,Password,Date of Birth,Phone&Country. Note! You have one week to comply. Gmail Inc. All rights reserved.
Email address it was sent from was firstname.lastname@example.org.
This is classical example of phishing and social engineering attack. First of all email address is wrong, and Google would not use adress like email@example.com to tell you that you should verify account. Next thing is the signature – Gmail Inc. Company like that does not exist, Gmail is part of Google. Here we have used people’s trust in Gmail and Google to get private information. Also you have a blackmail here, that your account will be deleted and closed if you do not respond. People will react fast and send information that they asked for. Other important thing that shows that it is phishing attack is that they are asking for your password. Companies with services like Gmail will never ask for your password in plaintext. They themselves store your passwords hashed and crypted, so even they don’t know your password. Also there are orher information that even Google might ask for like phone number or date of birth. This is not indicating phishing, but most of time google won’t ask you to send it over email, but it will provide secure form. And even then look for url to check if you are entering data in right form of the right company on right domain.
Be careful, this attacks might be quite sofisticated, and might cost you a lot of stress or even money.