Jay Wrolstad, newsfactor.com
An online scam offering the lure of free money through a bogus Google Web site has been uncovered by security company Websense, which reported that the site was shut down about 30 hours after it was first discovered on Monday.
The phishing attack employed a page that closely resembled the real Google home page, with a banner message claiming "You won $400.00!"
Users were instructed to collect their prize money by transferring it to a credit card. To do so, they were asked to provide their account numbers. They also were asked to provide their home addresses and phone numbers.
After the sensitive personal information was collected, users were redirected to Google's legitimate Web site. The phishing site was hosted in the U.S., Websense said.
Direct Approach
"This is a little different than other phishing attacks in that it attempted to entice people into divulging their credentials and using the Google name, as opposed to attacks that target banks or e-commerce sites," said Dan Hubbard, senior director of security research at Websense.
This particular phishing site did host other attacks targeting financial institutions, he added, noting that the approach taken by these criminals was fairly rudimentary when compared with attacks that use a Trojan horse or log a user's keystrokes.
Attacks on the Rise
And the Google mimicry reflects a disturbing trend. A recent Gartner survey showed that phishing attacks grew at double-digit rates last year in the U.S.
In the 12 months ending in May 2005, some 73 million U.S. Internet users said they received an average of more than 50 phishing e-mails in the prior year; some users reported a dozen or more daily.
And an estimated 2.4 million online consumers report losing money directly because of the phishing attacks. Of these, approximately 1.2 million consumers lost $929 million during the year preceding the survey, Gartner reported.
"The standard security rules apply in protecting yourself from a phishing attack," said Hubbard. "Don't click on links in e-mail messages, type in the address of a bank yourself, run the latest antivirus software, and obtain the latest security patches."
"And," Hubbard noted, "you can assume that anyone offering you some sum of money on the net is most likely just a crook." Copyright 2005 NewsFactor Network, Inc.
NOTE: For more telecom/internet/networking/computer news from the daily media, check out our feature 'Telecom Digest Extra' each day at
For more information go to: