Gmail Hack Was a Phishing Scheme

November 26th, 2008 at 12:00 am
 



Last week, there were reports of a Gmail security issue in which a certain hack could get into a user's account, manipulate a GoDaddy password reset script and ultimately steal that user's GoDaddy account. The reason for stealing somebody's GoDaddy information is quite obvious: domain names are a commodity and worth a lot of money. So if a hacker can take a top-level domain name from the person who bought it, he can resell it and make himself a quick, dirty buck.

The real target of the supposed hack was the GoDaddy account, but Google stepped in because it was usually a Gmail account that was hacked first to get to the GoDaddy information. So Google scrambled its security team and launched an investigation.

Google is a proud provider of secure products, and hacks like these are a top priority for them to fix. Their investigation, however, found that the Gmail hack was actually a phishing scheme. Phishing is when people trick other people into giving up their account credentials by using deceptive sites. Google explains this better in the results of their investigation:

With help from affected users, we determined that the cause was a phishing scheme, a common method used by malicious actors to trick people into sharing their sensitive information. Attackers sent customized e-mails encouraging web domain owners to visit fraudulent websites such as "google-hosts.com" that they set up purely to harvest usernames and passwords. These fake sites had no affiliation with Google, and the ones we’ve seen are now offline. Once attackers gained the user credentials, they were free to modify the affected accounts as they desired. In this case, the attacker set up mail filters specifically designed to forward messages from web domain providers. [Google Online Security Blog]

So as it turns out, Google is not vulnerable to the hack. However, some users are easily fooled by phishing schemes, and Google's engineers can't help them there. Still, it's great to know that Gmail is still safe from common hacks.