Phishers Lure Google Users With Bogus Google Cash Prizes

Jay Wrolstad, newsfactor.com

An online scam offering the lure of free money through a bogus Google Web site has been uncovered by security company Websense, which reported that the site was shut down about 30 hours after it was first discovered on Monday.

The phishing attack employed a page that closely resembled the real Google home page, with a banner message claiming "You won $400.00!"

Users were instructed to collect their prize money by transferring it to a credit card. To do so, they were asked to provide their account numbers. They also were asked to provide their home addresses and phone numbers.

After the sensitive personal information was collected, users were redirected to Google's legitimate Web site. The phishing site was hosted in the U.S., Websense said.

Direct Approach

"This is a little different than other phishing attacks in that it attempted to entice people into divulging their credentials and using the Google name, as opposed to attacks that target banks or e-commerce sites," said Dan Hubbard, senior director of security research at Websense.

This particular phishing site did host other attacks targeting financial institutions, he added, noting that the approach taken by these criminals was fairly rudimentary when compared with attacks that use a Trojan horse or log a user's keystrokes.

Attacks on the Rise

And the Google mimicry reflects a disturbing trend. A recent Gartner survey showed that phishing attacks grew at double-digit rates last year in the U.S.

In the 12 months ending in May 2005, some 73 million U.S. Internet users said they received an average of more than 50 phishing e-mails in the prior year; some users reported a dozen or more daily.

And an estimated 2.4 million online consumers report losing money directly because of the phishing attacks. Of these, approximately 1.2 million consumers lost $929 million during the year preceding the survey, Gartner reported.

"The standard security rules apply in protecting yourself from a phishing attack," said Hubbard. "Don't click on links in e-mail messages, type in the address of a bank yourself, run the latest antivirus software, and obtain the latest security patches."

"And," Hubbard noted, "you can assume that anyone offering you some sum of money on the net is most likely just a crook." Copyright 2005 NewsFactor Network, Inc.

NOTE: For more telecom/internet/networking/computer news from the daily media, check out our feature 'Telecom Digest Extra' each day at

. Hundreds of new articles daily.

*** FAIR USE NOTICE. This message contains copyrighted material the use of which has not been specifically authorized by the copyright owner. This Internet discussion group is making it available without profit to group members who have expressed a prior interest in receiving the included information in their efforts to advance the understanding of literary, educational, political, and economic issues, for non-profit research and educational purposes only. I believe that this constitutes a 'fair use' of the copyrighted material as provided for in section 107 of the U.S. Copyright Law. If you wish to use this copyrighted material for purposes of your own that go beyond 'fair use,' you must obtain permission from the copyright owner, in this instance, News Factor Network.

For more information go to: