Few days ago an interesting attempt to phish for Google account credentials made it to my friend’s inbox. As you may know, phishing emails are sent out by abusers to make the recipient in some way reply with their password or click through to enter their password, but the more official looking they are, the more easily they’re believed. This particular mail, shown in the screenshot, had the following attributes:

  • It was sent by “customer care”. OK, could be a lie.
  • It got his name right… might be just luck, as his name is included in his mail address.
  • It was sent with a layout that looked very official, and it even had an actual event from his calendar listed in the information (grayed out in the screenshot in the top right). Now this one was a bit more peculiar, because who else but Google would know his private calendar events?

The subject of the mail read “[Invitation] VERIFY YOUR ACCOUNT”, and the main content included this bit:

User Name, you are invited to VERIFY YOUR ACCOUNT (…)This Email is from Gmail Customer Care and we are sending it to every Gmail Email User Accounts Owner for safety. we are having congestions due to the anonymous registration of Gmail accounts so we are shutting down some Gmail accounts and your account was among those to be deleted.
We are sending you this email to so that you can verify and let us know if you still want to use this account. (…)You will have to confirm your E-mail by filling out your Login Information below after clicking the reply button, or your account will be suspended within 24 hours for security reasons.
* Username:
* Password:

It’s quite obvious Google’s not likely to send out such mails for real. You might have guessed by now how this was done, though: someone apparently set up a Google account with the first name “customer” and the surname “care” (the actual email address was customerservices[some-number]@googlemail.com). They then created an event in their calendar titled “VERIFY YOUR ACCOUNT” – instead of say, “Party Tonight” – with the event description being the text printed above! Finally, they added him as guest to that event, which caused Google to prepare and send the event invitation mail!

If you too ever receive a mail like this, here’s something you can do instead of actually replying: click the blue arrow to the top right of the Gmail message and pick “Report phishing”. A dialog will pop up explaining what phishing is, and it then says: “If you believe this message is a phishing attack, you can report it to our abuse team and help us thwart this attack and others like it.” Google notes though, “Reporting this message as an attack will send the entire message to our team for review.”

Be a safe netizen, REMEMBER:

  • Never ever give out your password on internet
  • Don’t click any random link sent to you in emails
  • No provider will EVER delete your account if you do not send them any mail or verification
  • Report phishing if you get any such mail asking for password of orkut, yahoo or any other site.

0 thoughts on “Phishing using Google Calendar

Leave a Reply