Phishing using Google Calendar
1 comments Sunday, June 29, 2008


Few days ago an interesting attempt to phish for Google account credentials made it to my friend's inbox. As you may know, phishing emails are sent out by abusers to make the recipient in some way reply with their password or click through to enter their password, but the more official looking they are, the more easily they’re believed. This particular mail, shown in the screenshot, had the following attributes:





  • It was sent by “customer care”. OK, could be a lie.


  • It got his name right... might be just luck, as his name is included in his mail address.


  • It was sent with a layout that looked very official, and it even had an actual event from his calendar listed in the information (grayed out in the screenshot in the top right). Now this one was a bit more peculiar, because who else but Google would know his private calendar events?


The subject of the mail read “[Invitation] VERIFY YOUR ACCOUNT”, and the main content included this bit:





User Name, you are invited to VERIFY YOUR ACCOUNT (...)This Email is from Gmail Customer Care and we are sending it to every Gmail Email User Accounts Owner for safety. we are having congestions due to the anonymous registration of Gmail accounts so we are shutting down some Gmail accounts and your account was among those to be deleted.
We are sending you this email to so that you can verify and let us know if you still want to use this account. (...)You will have to confirm your E-mail by filling out your Login Information below after clicking the reply button, or your account will be suspended within 24 hours for security reasons.
* Username:
* Password:




It’s quite obvious Google’s not likely to send out such mails for real. You might have guessed by now how this was done, though: someone apparently set up a Google account with the first name “customer” and the surname “care” (the actual email address was customerservices[some-number]@googlemail.com). They then created an event in their calendar titled “VERIFY YOUR ACCOUNT” – instead of say, “Party Tonight” – with the event description being the text printed above! Finally, they added him as guest to that event, which caused Google to prepare and send the event invitation mail!




If you too ever receive a mail like this, here’s something you can do instead of actually replying: click the blue arrow to the top right of the Gmail message and pick “Report phishing”. A dialog will pop up explaining what phishing is, and it then says: “If you believe this message is a phishing attack, you can report it to our abuse team and help us thwart this attack and others like it.” Google notes though, “Reporting this message as an attack will send the entire message to our team for review.”




Be a safe netizen, REMEMBER:





  • Never ever give out your password on internet


  • Don't click any random link sent to you in emails


  • No provider will EVER delete your account if you do not send them any mail or verification


  • Report phishing if you get any such mail asking for password of orkut, yahoo or any other site.

tags: , ,

ByRohit Srivastwa
at2:23 AM

1 comments
soon you can buy a domain name of your choice (TLD)
0 comments Saturday, June 28, 2008

http://www.nytimes.com/2008/06/27/technology/27icann.html

According to new rules unanimously passed by ICANN, at its meeting in
Paris, any company, organization or country will soon be able to apply for a new
Web address extension, called a top-level domain.

That means you can buy a TLD of your own choice soon


That could smooth the way for Web addresses that end in city names, brands
and generic words. It could also sow confusion in the minds of Web users, create
a host of new ways to exploit the Web addressing system and start a wave of
legal skirmishes over applications to register trademarks — .coke, for
example.


Oh Great OpenTLD is here :)
Watch out for some great TLD in future.
.MAIL
.GOOGLE
.SITE
or may be some cool domain names like store.apple or firstname.lastname

ByRohit Srivastwa
at8:33 PM

0 comments
Orkut is now faster and lighter
15 comments Thursday, June 05, 2008

Google is working hard to make its sites available even to people on low bandwidth. Last they worked upon gmail & now its time for orkut.
They have reworked on the code so that if the pages are taking time to load, user will get a prompt to switch over to low-bandwidth version of the same.

Good to see the initiative, at times I'm sitting idle at airport on low speed data card connections. Thats the best time to contact friends on orkut and now it will be more easier :)

Source: orkut Blog: A faster, lighter version of orkut

tags:

ByRohit Srivastwa
at12:36 AM

15 comments
Let's make a world record
0 comments Wednesday, June 04, 2008

Have you attempted to set a World Record with no luck? Well, now is your chance to change that!
Help set a Guinness World Record by pledging to download Firefox 3 today.
I've pledged. Have you???



ByRohit Srivastwa
at6:42 AM

0 comments
Subscribe to: Posts (Atom)