Jump to content
xisto Community
varalu

Fake Gmail Interface

Recommended Posts

For the past 2 days i have been receiving mails (3 mails till now) from my known contacts having subject "New Gmail interface 2009" and having a link that directs me to http://gmail.elementfx.com/index.html, which is very similar to Gmail home page. Once the user name and password are entered, it passes it insecurely. i have also attached a screenshot of the site. Please look into it. 

Share this post


Link to post
Share on other sites

Now that is deceptive.
I can tell from the URL that the domain is not actually gMail.com or googglemail.com

The actual URL should be http://mail.google.com/ and the one showing is http://gmail.elementfx.com/index.html

I notice on the actual mail.google.com site the below statement is present:

Lots of space
Over 6585.039488 megabytes (and counting) of free storage so you'll never need to delete another message.

While the false page at gmail.elementfx.com states:

Don't throw anything away.
Over 2730 megabytes (and counting) of free storage so you'll never need to delete another message.

I wonder what anyone is gaining by creating this false page?

Share this post


Link to post
Share on other sites

They have copied an old version of the GMail page and set it up as their own. When you enter any details, they are forwarded to the owners of the site, then the page redirects you to the real GMail homepage.

What they gain is thousands of GMail addresses and passwords. As most people don't seem to understand security, they will have used the same password for their GMail account as well as lots of other sites. Your email address and password would get them into a lot of sites! Directly, they gain your GMail details. Indirectly, potential access to all your accounts on shopping websites, and from that, your bank details.

There was another similar thing going on with the G-Archiver software to back up your GMail account. Take a look at this post by Jeff Atwood.

Share this post


Link to post
Share on other sites

I have checked this page and I don't know if anyone has noticed this or not, this site uses next.php file and it is called from the form when you click on the submit button and then probably saves all data in some mysql base and then reroutes you to the real gmail page. However I would like to point out that you should be careful that you delete cookies because there are ways to steal them especially if you are opening sites like this. Well this was really nice work for you to find it. On the other hand if you consider how many users will in fact click on that link and submit form then you can imagine how many people will have their privacy harmed and endangered. This is real issue and there ought to be more legalization on this subject.And one thing I would like to mention is that for any user that is not experienced enough to work off such things they should use some addons for phishing sites, this can save them a lot of trouble.

Share this post


Link to post
Share on other sites

This is why bank of america has a sitekey. I think its a great security feature. Basically when you want to login, you can only the username field is visible, and if you are logging into a computer you haven't logged into before it asks you a series of security questions and then displays your sitekey and a password field, and your sitekey is unique to your account. This way if you don't see your sitekey, you don't login. Now that may seem a bit too much effort for gmail to do this, but you could have an option where you want to use a sitekey.

Share this post


Link to post
Share on other sites

this is definitely a phishing site.. it's only purpose is to illegally get your gmail account.. i wonder why it's still up until now and haven't been reported to google for them to take immediate actions to bring this down..

Share this post


Link to post
Share on other sites

this is phishing site. someone wants to crack your gmail account and thus has sent you the fake url.its like they will create fake login page. which will look similar to the original site.once you enter your login details your details will be forwarded to their email. so dont fall in all this.

Share this post


Link to post
Share on other sites

Yeah like this once i have recived a fake orkut LINK , and i really could not find the diffrence between the original one and the fake one.But the best way is whenever you have doubt on some Login pages like this you just type some user name and a junk password and give sign in.Then meanwhile see the status bar of the web browser , it will indicate the path , if you find any annonimus redirection such as freeform mailer etc. to which your page is getting directed you can be sure that it is a fake one.There are many Phishing websites like this and we must be careful about these Phishing sites because you dont know where your details are getting transferred.

Share this post


Link to post
Share on other sites

lately i reported this using 'Report Web Forgery...' feature of Firefox and they took it seriously.. that feature is supported and operated by google..firefox shows a 'Reported Web Forgery!' page to me to prevent me from accessing it..try to visit it now but you won't be able to if you use firefoxone phising site down again for greater web securityPHISHER: 0 | GOOGLE: 1

Edited by EngrJayze (see edit history)

Share this post


Link to post
Share on other sites

You better watchout from all these fake sites as you don't where your password and username is going.Fortunately for me, Most of my mails are spam.Nothing to see here,moving on :P I wonder what these people will do when they have the details.Maybe get all the cash from PayPal ^_^

Share this post


Link to post
Share on other sites

They have copied an old version of the GMail page and set it up as their own. When you enter any details, they are forwarded to the owners of the site, then the page redirects you to the real GMail homepage.
What they gain is thousands of GMail addresses and passwords. As most people don't seem to understand security, they will have used the same password for their GMail account as well as lots of other sites. Your email address and password would get them into a lot of sites! Directly, they gain your GMail details. Indirectly, potential access to all your accounts on shopping websites, and from that, your bank details.

There was another similar thing going on with the G-Archiver software to back up your GMail account. Take a look at this post by Jeff Atwood.



Yes then they send out mail from them lol

Share this post


Link to post
Share on other sites

Viruses are more reduced , and Facebook / Gmail scams and spams are more popular now. Social networking is everything now :)When you see i site like this , try to WHOIS the domain and if you find the host , report the website and it should be removed. It simpler because most of the scams use free hosting because it's for sure they will get deleted (paying for nonsense ? )It is simple to detect a site like this. It is opening slower than the original websites, the footer might be different , hovering links shows some crazy location and you can't register as you should.

Share this post


Link to post
Share on other sites

actually, you are wrong. phishing sites are harder to detect now. before, to trick people they would use a subdomain. now they are using a combination of a domain+subdomain with the domain beginning with "com". so when they create a subdomain, i.e. "gmail", the first thing a user will see will be "gmail.com".hackers are coming up with more and more techniques as the old ones become outdated. as you can see, this original post was made in 2008 when phishing sites were becoming more and more popular, but it was a rather old technique. the technique i just mentioned isn't as old but is being used and is fooling a lot more people than the old technique. you probably haven't heard of this technique until now, but it will be common knowledge in another couple years.there are a couple better ways to fool people though but if i were to share them, it would just give some wannabe hackers an excuse to try to deceive people which is not my intention in this post.i liked your suggestions to try to detect a phishing site. they are all good, but don't be fooled. some are NOT easy to detect. some people actually know what they are doing.....most don't though.....

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×
×
  • Create New...

Important Information

Terms of Use | Privacy Policy | Guidelines | We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.