Security threats Toolkit

Google used as bait in phishing scam

Published: 10 Nov 2005 10:50 GMT

Fraudsters are using a promise of a $400 prize from Google as bait in a new phishing scam aimed at stealing credit card data, a security expert has warned.

A fake copy of the Google Web site hosted on a server in the US displays the message: "You WON $400.00 !!!", security monitoring company Websense said in an alert . To collect their prize, "winners" are asked to click on to a second page that asks them for their credit card details and address, Websense said.

The fraudulent Web site was advertised in a spammed email, Websense said. The San Diego-based company's Websense Security Labs has an automated system that scans the Web for malicious sites and sells a product to protect customers against those threats. As with all phishing scams, Internet users in general can protect themselves by being cautious with e-mail and not following links in spammed messages.

Phishing is a persistent problem, but coordinators in the fight against the schemes recently said their efforts appear to be paying off. A total of 5,259 phishing sites were spotted in August, up substantially from 4,564 in July, according to the Anti-Phishing Working Group. At the same time, the number of spam e-mail campaigns to lure people to phishing sites decreased for the second month in a row, the APWG said.

Scammers have used Google's well-known name before in their schemes. For example, in September a malicious program was discovered that redirected users into clicking on phony search results on fake Google, Yahoo and MSN sites.