April 19, 2010

Beware the "Google Voice" Phishing Attack!

Greetings. Earlier today a reader sent me an example of a phishing attack that they (and I) had not seen before. Before I could do much with it, someone else sent me another example of the same attack.

Neither of these parties is easily fooled by faked e-mail, but one of them told me that they had almost clicked on the "payload" link this time, so it's probably worth paying this particular nasty a bit of extra attention.

Designed to look like a Google Voice invitation, a Google Voice "message waiting" notification, or both at once, this Google Voice phish is either very sloppy, very clever, or perhaps so sloppy that it became unintentionally clever.

Here is an annotated image of the phishing message.

You'll note that it initially appears to be a Google Voice invitation message, but also includes an apparent waiting voicemail message link. Contradictory, yes, but people tend to "home in" on what they expect to see, and in this case the message pretty much has "something for everyone."

The message also includes a reasonable Google Voice logo -- this is important to grab people's attention quickly.

The time zone on the message is wacky. But would you notice at first glance?

The silliest part is the misspelling evident in "gogle.com" -- but curious persons who might look up that domain would find that it actually is (presumably protectively) registered to Google, Inc.!

The "guts" of the message -- the payload so to speak -- relates to the URL associated with the "Play message" link. If we mouse over the link, we can see the actual URL (at least most of it), which begins like a realistic Google URL, but quickly degenerates into a contortion that leads the investigator into a maze of apparently crooked domain registrations.
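The mouse-over trick above is exactly what an automated check should do on every link in a message: ignore the visible text and the logo, pull the real href out of the anchor, and ask what host it actually resolves to. The following is an added example, not part of the original post and not the actual phishing URL (which the post does not reproduce). It assumes two common ways a URL can "begin like" a Google URL without going to Google, namely a trusted domain name used as a subdomain prefix of an unrelated host, and a trusted name placed in the userinfo portion before an `@`. The sample message, its hostnames (reserved `.example` names and the 203.0.113.0/24 documentation range) and the `TRUSTED_DOMAINS` allow list are all constructed for the example.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample message. This is NOT the phishing e-mail from the post;
# all hostnames are reserved documentation names (.example, 203.0.113.0/24).
SAMPLE_HTML = """
<p>You have a new voicemail.</p>
<a href="https://www.google.com/voice/">Play message</a>
<a href="http://www.google.com.voice-notify.example/play?id=1">Play message</a>
<a href="http://www.google.com@203.0.113.5/play">Play message</a>
<a href="http://voice-notify.example/play">http://www.google.com/voice</a>
"""

# Domains treated as genuinely Google-operated. This is an assumption for the
# example; a real deployment would carry the organisation's own allow list.
TRUSTED_DOMAINS = ("google.com",)


class LinkExtractor(HTMLParser):
    """Collects (href, visible text) pairs from every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def is_trusted_host(host):
    """True only if host is a trusted domain or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)


def classify_link(href, text):
    """Return a list of reasons the link looks deceptive (empty = looks fine)."""
    parts = urlsplit(href)
    host = (parts.hostname or "").lower()  # hostname drops userinfo and port
    reasons = []
    if parts.scheme not in ("http", "https"):
        reasons.append("unexpected scheme %r" % parts.scheme)
    # http://www.google.com@evil/... : the trusted name is userinfo, not the host
    if parts.username:
        reasons.append("userinfo %r precedes the real host %r" % (parts.username, host))
    if not is_trusted_host(host):
        reasons.append("host %r is not under a trusted domain" % host)
        # http://www.google.com.evil.example/... : trusted name used as a decoy prefix
        if any(d in href.lower() for d in TRUSTED_DOMAINS):
            reasons.append("trusted domain name appears in the URL but not as its host")
        # visible text advertises a trusted domain the href does not go to
        if any(d in text.lower() for d in TRUSTED_DOMAINS):
            reasons.append("link text %r does not match destination host %r" % (text, host))
    return reasons


def scan_html(html):
    """Return [(href, text, reasons)] for every anchor in the message."""
    parser = LinkExtractor()
    parser.feed(html)
    return [(href, text, classify_link(href, text)) for href, text in parser.links]


if __name__ == "__main__":
    for href, text, reasons in scan_html(SAMPLE_HTML):
        print("%-10s %s" % ("OK" if not reasons else "SUSPICIOUS", href))
        for reason in reasons:
            print("    -", reason)
```

The key design choice is to judge the link only by `urlsplit(...).hostname`, which is what the browser will actually connect to, and to treat any appearance of a trusted name elsewhere in the URL or in the anchor text as a reason for more suspicion rather than less. A mail gateway can run the same logic over every message; a reader doing it by hand should apply the same rule and read the hostname from right to left.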

What happens to people who actually click that "Play message" link? I don't know, but odds are that it's nothing pleasant!

Before you say, "Hell, I'd never fall for that garbage!" -- keep in mind how much e-mail many people receive and how quickly they plow through it. A quick glance at a message with a Google Voice logo and an obvious "Play" link will in many cases likely be enough to trigger a reflexive mouse click.

In the time it's taken to write this all up, a third person has reported a similar phish to me.

The moral of the story is a simple one. Stay alert. Be aware. And to paraphrase Quintus Arrius in Ben-Hur, "Click well, and live."
