Fake Gmail site served by Google itself.
Web search and service behemoth
Google
has had its security credibility hit this weekend, after a site was set up on its servers spoofing its own
GoogleMail
service, and demonstrating how the system could be used to gather personal details.
The site was set up via the
Google Public Service Search
system, designed for public bodies and educational institutions, and provided an official-looking interface described as ‘
Gmail plus
‘. When users entered
GoogleMail
login details, they were displayed on the screen with a message making it clear they had been tricked into revealing them.
The page (
here
) was reported to
Google
by the creator soon after it was set up, and has now been removed; visiting it now displays a page warning that visiting it resembles the actions of a malware-infected computer.
Posted on 18 September 2006 by
Virus Bulletin
Leave a Reply