The sooner every party breaks up the better - Jane Austen's Emma
GOOGLE HAS DISMISSED reports that a purported Gmail vulnerability was being used by unauthorised third parties to hijack domains, saying that it turned out to be nothing more than a phishing scam.
In a proof of concept posted Sunday at the bog Geek Condition, a bloke called "Brandon" wrote that the vulnerability had caused some people to lose their domain names registered through GoDaddy.com.
But Google information security engineer Chris Evans explained in his bog that, after having a quiet word with those who claimed to be affected by the so-called vulnerability, Google determined that they were victims of a phishing scam.
Attackers sent customised e-mails encouraging Web domain owners to visit fraudulent Web sites such as "google-hosts.com" that they set up purely to harvest user names and passwords.
The fake sites had no affiliation with Google and are now offline.
Once attackers gained the user credentials, they were free to modify the affected accounts as they desired. µ
I know several people who have had this happen to them, and it is a vulnerability with GMAIL.

Hackers are able to inject filters into the users' accounts. They then go to godaddy.com and fill in the quick and easy domain transfer form. Emails then get sent to the gmail address registered to the owner of the domain. The filters silently forward those emails to the hacker's email address. The hacker clicks the unique "secure" verification link, and voilà! the domain is transferred to someone in Vietnam, in another godaddy account. Then they move it from that account to a different registrar.

They also use this trick to get account details with those friendly "I forgot my password" links.

Domain names are a good target because you can often find the email address the person used to register it, either through the registrar or through the site itself (if the registrar offers privacy protection, like godaddy does).

The hackers have your domain and your email, and they then sell your domain, or try to ransom it back to you.

The vulnerability lies with google.
Sign out of gmail, google calendar, google everything, when you're not using it.