Hackers have stepped up their attack on Google’s sites, this time targeting Gmail.
Websense Security Labs reported Monday that phishing attacks against Google have increased in sophistication. In the latest attacks, users are shown a spoofed copy of the Gmail log-in page with a message claiming, “You WON $500.00!” The page tells the reader that the money will be delivered to an e-Gold, PayPal, StormPay or MoneyBookers account of his or her choice. However, the reader must sign up for “Gmail Games” first and pay an $8.60 entrance fee. The reader is then directed to an actual payment site located in the United States, according to Websense.
While phishing attacks using Google sites are not new, the stakes for these attacks have been raised since Google launched its online payment processing service, Google Checkout. If a Gmail account is compromised, hackers could have access to that user’s Google Checkout account.
Websense Security Labs also recently figured out a way to use the freely available Google API to find dangerous .exe files on Web servers around the world.