Gmail social engineering attack




This morning I received an email that was signed as Gmail Team and said:

Re: Due to recent upgrade in our database, we are terminating all unverified accounts permanently. Reply and give the information below:Username,Password,Date of Birth,Phone&Country. Note! You have one week to comply. Gmail Inc. All rights reserved.

The email address it was sent from was [email protected].

This is a classic example of a phishing and social engineering attack. First of all, the email address is wrong: Google would not use an address like [email protected] to tell you that you should verify your account. The next thing is the signature, Gmail Inc. A company like that does not exist; Gmail is part of Google. The attacker is using people's trust in Gmail and Google to get private information. There is also blackmail here: the threat that your account will be deleted and closed if you do not respond, so people will react fast and send the information that was asked for.

Another important sign that this is a phishing attack is that they are asking for your password. Companies with services like Gmail will never ask for your password in plaintext. They themselves store your passwords hashed and encrypted, so even they don't know your password.

There is also other information that even Google might ask for, like a phone number or date of birth. A request for it does not by itself indicate phishing, but most of the time Google won't ask you to send it over email; it will provide a secure form. Even then, look at the URL to check that you are entering data in the right form of the right company on the right domain.

Be careful: these attacks might be quite sophisticated, and might cost you a lot of stress or even money.
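The indicators described above can be checked mechanically on a raw message. The following is an added example, not code from the original post: the trusted-domain list, the indicator names and the sample sender address are assumptions, and the sample body is constructed from the message quoted above.

```python
import re
from email import message_from_bytes, policy
from email.utils import parseaddr

# Assumption: sender domains accepted as the real provider.
TRUSTED_DOMAINS = {"google.com", "accounts.google.com"}
# Invisible characters that can split a keyword in two.
INVISIBLE = dict.fromkeys(map(ord, "\u200b\u200c\u200d\u00ad\ufeff"))

BODY_CHECKS = {
    "requests_password": r"\b(reply|give|send|provide)\b.{0,80}\bpassword\b",
    "threatens_account_loss":
        r"\b(terminat|suspend|delet|clos)\w*\b.{0,60}\baccounts?\b",
    "sets_deadline": r"\b(one|two|\d+)\s+(hour|day|week)s?\s+to\s+comply\b",
    "nonexistent_company": r"\bGmail\s+Inc\b",
}

def phishing_indicators(raw: bytes) -> list[str]:
    """Return the names of the indicators found in one raw RFC 5322 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    name, addr = parseaddr(str(msg.get("From", "")))
    domain = addr.rpartition("@")[2].lower()
    # Display name borrows the brand, but the address is on another domain.
    if re.search(r"gmail|google", name, re.I) and domain not in TRUSTED_DOMAINS:
        hits.append("brand_name_on_foreign_domain")
    part = msg.get_body(preferencelist=("plain",))
    body = part.get_content() if part else ""
    body = body.translate(INVISIBLE)  # strip before keyword matching
    for label, pattern in BODY_CHECKS.items():
        if re.search(pattern, body, re.I | re.S):
            hits.append(label)
    return hits

# Constructed sample. The sender address is a placeholder (the post does not
# show the real one) and the zero-width space in "Password" is added on purpose.
SAMPLE = (
    "From: Gmail Team <verify@mail-team.example>\n"
    "Content-Type: text/plain; charset=utf-8\n"
    "\n"
    "Due to recent upgrade in our database, we are terminating all unverified\n"
    "accounts permanently. Reply and give the information below:\n"
    "Username,Pass\u200bword,Date of Birth,Phone&Country.\n"
    "Note! You have one week to comply. Gmail Inc. All rights reserved.\n"
).encode("utf-8")

if __name__ == "__main__":
    print("\n".join(phishing_indicators(SAMPLE)))
```

The From header can be forged, so a trusted domain there proves nothing; the sender check only catches a brand name placed on an unrelated domain.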


Born in Bratislava, Slovakia, lived in Belgrade, Serbia, now living in Manchester, UK, and visiting the world. Nikola is a great enthusiast of AI, natural language processing, machine learning, web application security, open source, mobile and web technologies. Looking forward to creating the future. Nikola has done a PhD in natural language processing and machine learning at the University of Manchester, where he worked for 2 years. In 2020, Nikola moved to Berlin and works in Bayer Pharma R&D as a computational scientist.
