A new phishing scam has appeared that is targeting users of Google's email service Gmail, trying to trick the susceptible into handing over account details in exchange for a phony cash prize.
The email in question claims to be from Gmail themselves, and encourages people to click though to another website and provide their details in order to obtain the cash. The usual patter is in evidence - you have been randomly selected for a US$500 cash prize, aren't you lucky, just provide your personal details, follow this URL, etc. The URL in question takes the victim to a Tripod-hosted website that appears to be a legitimate Gmail page. After they arrive at the site, victims are told they must register for "Gmail games" by entering in either their e-gold, PayPal, StormPay or moneybookers account information.
"Of course, this email wasn't really sent by the folks at Gmail, and the $500 cash prize doesn't exist," said Graham Cluley, senior technology consultant for Sophos. "Anyone tempted to try and collect it is in danger of walking straight into a trap set by these fraudsters. People need to learn that there is no such thing as a free lunch, and to be much more wary of unsolicited email communications whoever they may appear to come from."
Google has promised to take action, saying that they will be able to quickly detect and block emails coming from the rogue IP addresses, thereby limiting the scope of the attack to a small number of Gmail users. They also claim that the phishing detection capabilities built into Gmail will be able to help.