Header Ziff Davis Enterprise
Advertisement
Advertisement
Wednesday, July 12, 2006 10:16 AM/EST

Phishing for Google Checkout Dollars?

Hackers have stepped up their attack on Google's sites, this time targeting Gmail.

Websense Security Labs reported Monday that phishing attacks against Google have increased in sophistication. In the latest attacks, users are shown a spoofed copy of the Gmail log-in page with a message claiming, "You WON $500.00!" The page tells the reader that the money will be delivered to an e-Gold, PayPal, StormPay or MoneyBookers account of his or her choice. However, the reader must sign up for "Gmail Games" first and pay an $8.60 entrance fee. The reader is then directed to an actual payment site located in the United States, according to Websense.

While phishing attacks using Google sites are not new, the stakes for these attacks have been raised since Google launched its online payment processing service, Google Checkout. If a Gmail account is compromised, hackers could have access to that user's Google Checkout account.

Websense Security Labs also recently figured out a way to use the freely available Google API to find dangerous .exe files on Web servers around the world.

Create, Communicate, Collaborate with IT Professionals at Ziff Davis Enterprise IT Link

Posted by Steve Bryant on July 12, 2006 10:16 AM

| Comments (3) | del.icio.us | digg.com | Trackback | Post a Comment
View all of Archive
TrackBack

TrackBack

http://googlewatch.eweek.com/cgi-bin/mte/mt-tb.cgi/9434

Comments (3)

Patrick Donnelly :

My VISA was hit with thousands of dollars in authorized charges this week. All charges were from Google Adworks (which I am not a member of and had never heard of). Nor had I ever heard of Google Checkout. I think eBay was right on in banning Checkout for its customers, citing fraud concerns. In only two weeks with Checkout, the fraud has begun. How is it that a person could use my credit card number and set up an account with Google to buy/sell and have it work? Does Google do NO verification of identify in any way? Did the fact my billing address and whatever shipping address the criminal used are different not raise an eyebrow at Google? Amazing.

Posted by Patrick Donnelly | July 14, 2006 5:18 PM

Google Watch :

Thanks for the add? A researcher has exploited a security hole in Google Public Service Search to create an ingeniously deceptive phishing attack that looks like it's hosted on Google's domain.

Posted by Google Watch | September 15, 2006 10:16 AM

Google Watch :

Thanks for the add? A researcher has exploited a security hole in Google Public Service Search to create an ingeniously deceptive phishing attack that looks like it's hosted on Google's domain.

Posted by Google Watch | September 15, 2006 10:22 AM

Post a Comment

 
 



Breaking News

Advertisement

Syndication

Subscribe: Blog Roll:

AdWords and AdSense

Archive

Authors Guild

Data Portability

Defections

Gmail

Google Advertising

Google and Semantic Web

Google and Sun

Google Answers

Google Apps

Google Audio

Google Base

Google Browser

Google Checkout

Google Datacenters

Google Docs

Google DoubleClick

Google Earth

Google features

Google Financials

Google Gadgets

Google Goofs

Google GrandCentral

Google Hires

Google in China

Google Lawsuits

Google Loves Apple

Google M&A

Google Maps

Google Mobile

Google News

Google Patents

Google Philanthropy

Google Products

Google Real Estate

Google Search

Google Strategy

Google Talk

Google Toys

Google Video

Google vs. EU

Google vs. Facebook

Google vs. Microsoft

Google vs. Yahoo

Google's Cloud

Google-Salesforce.com

Googlephone

Hello, Android

Inside Google

JotSpot

Leaving Google

Microhoo

News

Off Topic

OpenSocial

Social Networks

Today in Stupid

Yahoo

YouTube

Advertisement