Bogus Google Notification Leads to Phishing Site

 Analysis by: Michael Casayuran

Trend Micro researchers spotted spammed messages purporting to be a legitimate notification from Google. The message instructs users to update their primary and backup payment information by logging in to their accounts and entering the updated payment details via the phishing URL http://www.{BLOCKED} provided in the spammed message.

The messages also use the display name Google Team to cloak the real senders, which are random email addresses, so that recipients do not become suspicious. Note that legitimate Google alerts use Google Alert as the name of the sender and as its email address. Users are advised to be wary when opening emails and divulging user credentials, even if these appear to come from known sources.
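The display-name cloaking described above can be checked at the mail gateway by comparing the brand claimed in the From display name with the domain of the actual address. The following is an added example, not part of the original analysis; the brand-to-domain allow-list and all sample headers are constructed assumptions.

```python
from email import message_from_string
from email.policy import default

# Assumption: brand keyword -> sender domains accepted for that brand.
BRAND_DOMAINS = {"google": {"google.com"}}

def display_name_mismatch(raw_message):
    """Return (brand, sender_domain) when the From display name claims a
    brand but the address lies outside that brand's domains, else None."""
    msg = message_from_string(raw_message, policy=default)
    from_header = msg["From"]
    if from_header is None or not from_header.addresses:
        return None
    sender = from_header.addresses[0]
    # policy.default decodes RFC 2047 encoded-words, so an encoded
    # display name is compared in its readable form.
    name = sender.display_name.lower()
    domain = sender.domain.lower()
    for brand, domains in BRAND_DOMAINS.items():
        if brand not in name:
            continue
        # Accept the exact domain or a true subdomain only, so a
        # look-alike such as "notgoogle.com" does not pass.
        trusted = any(domain == d or domain.endswith("." + d) for d in domains)
        if not trusted:
            return brand, domain
    return None

def make_sample(from_value):
    """Build a minimal constructed message with the given From header."""
    return f"From: {from_value}\nSubject: Update your payment information\n\nbody\n"

# Constructed samples: a random sender behind a brand name, a sender on the
# allow-listed domain, an encoded display name, and a look-alike domain.
SPOOFED = make_sample("Google Team <qzx81@bulk-mailer.example>")
LEGIT = make_sample("Google Alert <sender@google.com>")
ENCODED = make_sample("=?UTF-8?B?R29vZ2xlIFRlYW0=?= <a1@mail.example>")
LOOKALIKE = make_sample("Google Team <billing@notgoogle.com>")

if __name__ == "__main__":
    for label, raw in [("spoofed", SPOOFED), ("legit", LEGIT),
                       ("encoded", ENCODED), ("lookalike", LOOKALIKE)]:
        print(label, display_name_mismatch(raw))
```

A hit only indicates that the display name and the sending domain disagree; it is a signal to combine with SPF, DKIM and DMARC results rather than a verdict on its own.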

 SPAM BLOCKING DATE / TIME: October 03, 2011 GMT-8
  • ENGINE:6.8
  • PATTERN:8424