Paulo Scardine

@scardine

Clever phishing scam of the day

Received this message today, almost fell for it:

This links to a page with an encrypted parameter that seems to auto-fill my email address in the form.

I'm wondering how many people would follow instructions from a 3rd party claiming to be Google, and fill in sensitive information like security questions.

This is very clever:

  1. talk about a very serious matter
  2. sense of urgency (7 days deadline)
  3. email is not from google.com, but cc to due-diligence@google.com.

The website certificate looks legit, but it is not that hard to get one like this:

[update]

Even this message having the classic modus operandi of a phishing attack, I got a Google support ticket opened just in case. Turn out the message is legit!!! Seriously, Google?

Topics of interest

More Related Stories