NNSquad - Network Neutrality Squad


[ NNSquad ] Beware the "Google Voice" Phishing Attack!

                Beware the "Google Voice" Phishing Attack!

               http://lauren.vortex.com/archive/000709.html


Greetings.  Earlier today a reader sent me an example of a phishing
attack that they (and I) had not seen before.  Before I could do much
with it, someone else sent me another example of the same attack.

Neither of these parties is easily fooled by faked e-mail, but one of
them told me that they had almost clicked on the "payload" link this
time, so it's probably worth paying this particular nasty a bit of
extra attention.

Designed to look like either a Google Voice Invite and/or a Google
Voice "message waiting" notification, this Google Voice phish is
either very sloppy, very clever, or perhaps so sloppy that it became
unintentionally clever.

Here is an annotated image of the phishing message: 

http://bit.ly/cO0xeW  (Vortex)

You'll note that it initially appears to be a Google Voice invitation
message, but also includes an apparent waiting voicemail message link.
Contradictory, yes, but people tend to "home in" on what they expect
to see, and in this case the message pretty much has "something for
everyone."

The message also includes a reasonable Google Voice logo -- this is
important to grab people's attention quickly.

The time zone on the message is wacky.  But would you notice at first
glance?

The silliest part is the misspelling evident in "gogle.com" -- but
curious persons who might look up that domain would find that it
actually is (presumably protectively) registered to Google, Inc.!

The "guts" of the message -- the payload so to speak -- relates to the
URL associated with the "Play message" link.  If we mouse over the
link, we can see the actual URL (at least most of it), which begins
like a realistic Google URL, but quickly degenerates into a contortion
that leads the investigator into a maze of apparently crooked domain
registrations.

What happens to people who actually click that "Play message" link?  I
don't know, but odds are that it's nothing pleasant!
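The three tells described above (a sender domain one letter off from the real one, a "Play message" link whose real destination only starts out looking like Google, and a Date header with an odd time zone) are exactly what an automated mail-triage check can look for before a human has to. The script below is an added example written for this page, not code from the original post; the sample message is constructed (modelled loosely on the description, with a made-up link host under the reserved `.example` suffix rather than the real phish URL), the trusted-domain set `TRUSTED_DOMAINS` and the -12:00..+14:00 time-zone range are assumptions, and the "registrable domain" helper is a deliberate simplification that ignores two-part suffixes such as `co.uk`.

```python
"""Triage a suspicious HTML e-mail: compare each link's visible text with its real
destination, flag look-alike or brand-as-subdomain hosts, and sanity-check the
Date header's UTC offset.  Added example; assumptions are marked as such."""
import email
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: the brand the message claims to come from.
TRUSTED_DOMAINS = {"google.com"}

# Constructed sample message (not the real phish); the link host is made up.
SAMPLE_EMAIL = """\
From: Google Voice <voice-noreply@gogle.com>
To: reader@example.org
Subject: You have a new voicemail
Date: Mon, 19 Apr 2010 09:15:00 +1630
Content-Type: text/html; charset=utf-8

<html><body>
<p>You have been invited to Google Voice.</p>
<p>New voice message:
<a href="http://www.google.com.voice-play.example/play?id=1">Play message</a></p>
<p><a href="https://www.google.com/voice/about">Learn more about Google Voice</a></p>
</body></html>
"""


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registrable_domain(host):
    """Last two labels of the host (simplification: ignores suffixes like co.uk)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def edit_distance(a, b):
    """Levenshtein distance, used to catch one-character typo-squats like gogle.com."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_host(host):
    """Return a finding for a host that is not a trusted domain, or None if it is."""
    domain = registrable_domain(host)
    if domain in TRUSTED_DOMAINS:
        return None
    for trusted in TRUSTED_DOMAINS:
        brand = trusted.split(".")[0]
        # "www.google.com.something.example": the brand is only a subdomain label.
        if brand in host.lower().split("."):
            return f"brand name used as subdomain: {host!r} is really {domain!r}"
        # "gogle.com": within two edits of the real domain.
        if edit_distance(domain, trusted) <= 2:
            return f"look-alike domain {domain!r} (close to {trusted!r})"
    return f"untrusted domain {domain!r}"


def check_date(dt):
    """Flag a Date whose UTC offset lies outside the real-world range (assumed -12..+14h)."""
    offset_hours = dt.utcoffset().total_seconds() / 3600
    if not -12 <= offset_hours <= 14:
        return f"implausible time zone offset {offset_hours:+.2f}h in Date header"
    return None


def triage(raw_message):
    """Parse one RFC 5322 message and return a list of human-readable findings."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    findings = []
    if msg["From"] and msg["From"].addresses:
        finding = classify_host(msg["From"].addresses[0].domain)
        if finding:
            findings.append("From: " + finding)
    if msg["Date"]:
        finding = check_date(msg["Date"].datetime)
        if finding:
            findings.append(finding)
    body = msg.get_body(preferencelist=("html",))
    if body is not None:
        collector = LinkCollector()
        collector.feed(body.get_content())
        for href, text in collector.links:
            finding = classify_host(urlparse(href).hostname or "")
            if finding:
                findings.append(f"link {text!r} -> {finding}")
    return findings


if __name__ == "__main__":
    for line in triage(SAMPLE_EMAIL):
        print(line)
```

Run against the constructed sample, it reports the typo-squatted sender domain, the out-of-range time zone, and the "Play message" link whose real registrable domain is not Google's, while the genuine `www.google.com` link passes. The ordering inside `classify_host` matters: the brand-as-subdomain test runs first because a host like `www.google.com.<anything>` should be reported as such even when its registrable domain happens to be far from `google.com` in edit distance.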

Before you say, "Hell, I'd never fall for that garbage!" -- keep in
mind how much e-mail many people receive and how quickly they plow
through it.  A quick glance at a message with a Google Voice logo and
an obvious "Play" link will in many cases likely be enough to trigger
a reflexive mouse click.

In the time it's taken to write this all up, a third person has
reported a similar phish to me.

The moral of the story is a simple one.  Stay alert.  Be aware.  And
to paraphrase Quintus Arrius in "Ben-Hur" -- "Click well, and live."

--Lauren--
Lauren Weinstein
lauren@vortex.com
Tel: +1 (818) 225-2800
http://www.pfir.org/lauren
Co-Founder, PFIR
   - People For Internet Responsibility - http://www.pfir.org
Co-Founder, NNSquad
   - Network Neutrality Squad - http://www.nnsquad.org
Founder, GCTIP - Global Coalition 
   for Transparent Internet Performance - http://www.gctip.org
Founder, PRIVACY Forum - http://www.vortex.com
Member, ACM Committee on Computers and Public Policy
Lauren's Blog: http://lauren.vortex.com
Twitter: https://twitter.com/laurenweinstein