5ThirtyOne



Warning! Gmail users beware, fake upgrade emails

Aug 20th 2007

UPDATE: According to a comment on digg, gmailupgrades.com has been taken down.

Important FYI for any Gmail users: if you receive the following email in your Gmail account, do not follow the embedded link. With Google's recent announcement of paid storage upgrades, phishing emails like the following will undoubtedly become more and more the norm.

fake-gmail-email.jpg

Dear Gmail customer
From now if you need more than 2 GB of space use this invitation and upgrade your account to 100 GB of space also you can register one free domain name via this invitation
your account upgrade will done after 24 hours
your invitation code is: http://gmailupgrades.com/Gmail-Account-Upgrade/…/
Thank You
Gmail Support Department

The email From: address is gmail-noreply@google.com. However, the "Mailed-by:" domain is marauder.websitewelcome.com. The link redirects to a website which looks very much like Gmail.
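The two giveaways described above (a From: domain that does not match the mailing host, and a link that leaves Google's domains) can be checked mechanically. The following is an added example, not part of the original post; it assumes Gmail's "Mailed-by:" value corresponds to the Return-Path envelope sender, and the sample messages, `TRUSTED` set and function names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed message. From, the mailed-by host and the link domain come from
# the post; the Return-Path local part and Subject are invented.
PHISH = """\
Return-Path: <nobody@marauder.websitewelcome.com>
From: Gmail Support <gmail-noreply@google.com>
Subject: Gmail account upgrade

your invitation code is: http://gmailupgrades.com/Gmail-Account-Upgrade/
"""
# Constructed benign message for contrast.
LEGIT = """\
Return-Path: <bounce@google.com>
From: Gmail Team <gmail-noreply@google.com>

Manage your account at https://www.google.com/accounts/ManageAccount
"""
TRUSTED = {"google.com", "gmail.com"}  # assumption: domains the brand really uses

def org_domain(host):
    # Naive registrable domain (last two labels); production code should
    # consult the Public Suffix List instead.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def check_message(raw):
    msg = message_from_string(raw)
    findings = []
    from_dom = org_domain(parseaddr(msg.get("From", ""))[1].rpartition("@")[2])
    env_dom = org_domain(parseaddr(msg.get("Return-Path", ""))[1].rpartition("@")[2])
    # Signal 1: visible From domain differs from the envelope sender domain.
    if env_dom and env_dom != from_dom:
        findings.append(f"envelope-mismatch: From={from_dom} mailed-by={env_dom}")
    # Signal 2: mail claiming a trusted brand links somewhere else.
    if from_dom in TRUSTED:
        body = "\n".join(p.get_payload() for p in msg.walk() if not p.is_multipart())
        for url in re.findall(r"https?://[^\s<>\"']+", body):
            link_dom = org_domain(urlparse(url).hostname or "")
            if link_dom not in TRUSTED:
                findings.append(f"untrusted-link: {link_dom}")
    return findings

if __name__ == "__main__":
    print(check_message(PHISH))
    print(check_message(LEGIT))
```

An envelope mismatch on its own is only a signal, since bulk senders legitimately use a different envelope domain; combined with an off-brand link it is a strong indicator.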

gmailupgradesfake.jpg

If you did follow the link and entered your Google Account username and password, immediately visit Google’s Account Management [google.com/accounts/ManageAccount] to change your password.




43 Comments

  1. Their poor grammar and use of long links from abstract domains also makes you question its authenticity.

  2. Hmm, you’ll have to be careful with everything, that sucks.

    Well, thanks for pointing that out!

  3. Man I am just stupid enough to fall for that. Thanks!

  4. Some phishing attempts are so sneaky now. I especially hate ones like these that have a legit looking “From” address. I’ve seen some very legit looking phishing attempts to online banking customers too from working at an IT Support Centre. This is definitely a wake up call for me since I’ve left that job.

  5. Just figured I’d putt around on the fake website. I tried going directly to the login.php page and got a table that looks like this:

    Warning….You may ingore this…!!!!
    You have set to get upload/attachments in your email from form, however, you have not set temp folder path, where your image would be save Please Set this path in variable “$TempFolder”

    Warning….You may ingore this…!!!!
    However, If you don’t specify the path, then uploaded files will be store in the folder ” /home/fabio20/public_html/gmailupgrades// ” Is this ok ?
    Just for your information

    What do you wish to do with uploaded files, after sending those file with email as an attachment to you ? Do you wish to keep upload files or wish to delete? If you wish to delete your uploaded files after sending an email to you,set option to “0″,like,”$DeleteUploadFiles=0″, if you wish to keep the uploaded files set this to “1″, Currently it is set to “0″

    Obviously the guy’s running a linux server with the username fabio20. A whois.net search on the domain name returned these results:

    Registrant Contact:
    name– DNS MANAGER
    org– ABSOLUTEE CORP. LTD.
    country– CN
    province– Hongkong
    city– Hongkong
    address– FLAT/RM B 8/F CHONG MING BUILDING 72 CHEUNG SHA WAN RD KL
    postalcode– 999077
    telephone– +00.85223192933
    fax– +00.85223195168
    E-mail– gm2827655711104@absolutee.com

    It’s the same information for all sections of the whois.net result.

    I checked the domain the e-mail was registered at, and didn’t pull up an actual website. Rather, I googled the domain section of the e-mail and found that a lot of scammer e-mails come from that domain. It’s probably something offshore, maybe Hong Kong also. I didn’t bother doing the whois.net search on it, but if anybody’s bored you can do it.

    Just wanted to throw this information out there for everyone to look at. I know it’s not super important or anything. It’s too bad that these people make so much money from scamming and phishing. If only people would begin to wisen up and not trust e-mails asking for verification of usernames and passwords. Alas, this problem will always be around.

  6. Thank god I’m not dumb enough to fall for that stuff

  7. Everyone should submit fake details, just to clog up his system, and maybe stop him from finding the real details, and changing passwords… ;)

  8. The fact that it’s http://gmailupdates.com instead of gmail.google.com/updates/xxlkjslkjdsl….. would alert me to a fake url. But whatever… Go on sheep click the links.

  9. Thanks for the heads-up!

  10. This is one of the reasons why I think people should not use services like gmail. Apart from the fact that you are 100% sure that third parties (all the google employees with sufficient clearance) can monitor your communications sooner or later there will be a successful attempt to hack your account, through social engineering or otherwise.

  11. That’s too obvious, I would check the headers and easily notice the ip-originating wasn’t a Google ip, nor were the mx records from Google.

  12. Niko Bellic

    Except that you can’t see the IP of the sender in Gmail.

  13. HK guy

    I have just reported this to the Hong Kong Police cybercrime section.

  14. Jeff Knight

    Except that you can’t see the IP of the sender in Gmail.

    Only if Gmail was the sender.

    If it was sent to gmail from a non gmail interface / server it would show in the headers.

  15. Thanks for the warning. I wish I could play around on this site, but OpenDNS won’t let me access the site.

  16. Thanks for the warning. I wish I could play around on this site, but OpenDNS won’t let me access the site.

    Yup I use OpenDNS too and it’s great!

  17. Adam Stanhope

    Of what value is a stolen gmail account when they can simply sign up for as many as they want?

    The only thing I can think of is that with a bunch of valid, real-world gmail accounts with histories of being used, they might be able to get away with spamming other gmail account addresses for longer than they would had they been sending spam using brand new accounts.

  18. I know of a few people who save important registration confirmation emails in their Gmail accounts for reference at a later date. These confirmation type emails often include username / passwords.

  19. Somehow the picture changed while I was blogging this story. It went from a gmail picture to the picture you now see. It happened today at 11:20 EST… The URL to the picture is the same, however the picture itself has changed. Have you been hacked ???

    Details - I dug the story, and edited it, and grabbed the picture thru blogger. Somehow when I was posting my NEWS on my newsroom, the picture changed. I have a snapshot of my posting, and the source code to show blogger to see where the problem lies… any questions, just email me. Thank you for your time, OS9USER (Site Owner)

  20. Never heard or received of this newsletter before. But, it is better to be safe than sorry. Good thing that you posted this article out.

  21. Martyn

    You would have to be REALLY stupid to fall for something like this :|

  22. Some time back a lot of paypal users had fallen into this trap. Gmail users have to be wary of this

  23. michelle

    I had an email this morning from the supposed gmail team doing upgrades and that they need your email address, password, date of birth, and country u live in and stupid me did that and sent it back and now I have no way to access my work email and my home email and I have sent 10 emails to gmail to help me and no response so be careful there is that one out there and do not do what I did and send them the stuff because u will end up like me with all my work stuff locked in on gmail with no way to get it out because they changed the password and also changed my secondary email password too. So be careful

  24. Crazy enough we just got another bogus email asking for verification on all AdWords accounts. They try and do a pretty good job of masking the URL but if you pay close enough attention the subdomain stands out quite well.

    Several of our clients inquired about this so if you come across any emails from Google double check the address link before you do anything. It’s a shame people will go to this length to rob others.

  25. Google needs to make it very clear that any mail from google is really from google. Make it look really different so that you can’t copy it. That will solve most of the problems.

  26. Wow that was pretty shifty, the URL made it seem so real.
