Tagged: Gmail Toggle Comment Threads | Keyboard Shortcuts

  • Geebo 8:00 am on May 8, 2025 Permalink | Reply
    Tags: Gmail, , , , ,   

    Google Spoof Scam Exposes Flaws 

    By Greg Collier

    Phishing has evolved far beyond clumsy scams riddled with typos and generic threats. It now wears the mask of legitimacy, often cloaked in branding and technical language convincing enough to fool even savvy users. A recent example of this growing trend involves an especially deceptive attack using Google’s own infrastructure as a weapon.

    Cybercriminals have been exploiting Google Sites and other services to distribute phishing emails that appear to originate from Google’s own domain. In this case, a message disguised as a legal request from law enforcement was sent to users, complete with references to subpoenas and the need to review case materials. The message urged the recipient to click on a link to a Google support page, which in reality led to a page designed to harvest login credentials.

    The trap is insidious. The phishing page is hosted on a subdomain of Google.com, lending a false sense of trust to unsuspecting users. Because the site is built with Google Sites, it carries the appearance of a legitimate Google interface. The attackers further muddy the waters by ensuring the phishing email lands in the same thread as previous legitimate security alerts, increasing the likelihood that users will trust it.

    The deeper issue lies in how Google has allowed this vulnerability to persist. The legacy version of Google Sites, still accessible today, permits anyone to publish content on a Google.com subdomain. This opens the door to abuses like malicious scripts and fake credential portals. Google has been warned about this gap in security, yet the core issues remain unresolved. While some reactive measures have been taken, the architecture still leaves room for repeat abuse.

    This raises a broader concern about corporate responsibility in digital security. Google has positioned itself as a cornerstone of online identity and infrastructure, and with that status comes the obligation to protect its users proactively. Allowing these phishing schemes to exploit the trust associated with the Google name creates not just a security risk, but an erosion of that trust.

    Google’s statement suggests users enable two-factor authentication and passkeys as a defense. While this is sound advice, it shifts the burden onto individuals to compensate for shortcomings in the platform’s safeguards. The more sustainable solution would be for Google to close the loopholes that allow bad actors to operate under its umbrella in the first place.

    As phishing continues to mimic trusted entities more convincingly, users must remain cautious. But the companies whose tools are being weaponized also bear responsibility. Until tech giants like Google take these exploits seriously and move swiftly to harden their platforms, the digital wolves will keep getting in, dressed in ever more convincing sheep’s clothing.

     

  • Geebo 10:24 am on January 18, 2017 Permalink | Reply
    Tags: Gmail, ,   

    New phishing attack targets GMail 

    New phishing attack targets GMail

    For those of you who may not know, phishing is a type of scheme where an entity casts a wide net to a number of users in order to obtain the personal information of a few random victims. It’s like fishing but with a ‘ph’ because the internet likes to misspell things.

    A new phishing attack has appeared throughout a number of GMail accounts. If you use Google’s free webmail service the phishing email appears to be from someone on your contact list. That probably means that their account has probably been compromised. The fake email will have an attachment included in the email and when you click the attachment a new tab or window will pop up asking you to reenter your GMail login info. However, the new tab or window does not take you to GMail but rather takes you to a webpage designed to look like GMail, but in actuality is a fake page waiting to steal your login info as soon as you enter it.

    Some of the tips to avoid phishing attacks include not clicking on random attachments from strangers and in some cases from your friends. If it’s an unsolicited attachment there’s a pretty good chance it could be part of a phishing attack. Also, when logging in to your account check the URL, or web address, in your browser’s address bar. If it doesn’t belong to the service you’re logging into you could be compromising your info.

     

  • Geebo 8:17 am on May 4, 2016 Permalink | Reply
    Tags: , , Gmail,   

    Don’t fall for fake customer support numbers 

    Don't fall for fake customer support numbers

    Having problems with your Facebook account? How about your GMail or Office 365? Surely giant corporations like Facebook, Google and Microsoft have customer service numbers that you can call. Actually, they don’t. Gone are the days when you could call just about any company up on the phone to try to get them to resolve your problem, especially tech companies. Behemoths like Facebook and Google have become such large global corporations offering free services that it is financially unfeasible for them to offer phone assistance. That hasn’t stopped some from trying to take advantage of that situation.

    If you were to go to your search engine of choice looking for these numbers you would definitely find some. However in many instances they are not legitimate numbers. Instead they are scam artists posing as these companies in order to take something valuable from you. They could be trying to access your GMail or Facebook accounts in order to steal personal information or they could be falsely charging you money to ‘fix’ whatever issue it is that you have.

    For the record, Geebo is very approachable and you can even Tweet at our CEO.

     

c
Compose new post
j
Next post/Next comment
k
Previous post/Previous comment
r
Reply
e
Edit
o
Show/Hide comments
t
Go to top
l
Go to login
h
Show/Hide help
shift + esc
Cancel