Fake account verification email phishes for Google credentials

Once again, Google users are being targeted with emails purportedly coming from the Google Team, confirming a bogus recovery e-mail update:

Seeing the threat of a permanent account suspension is likely to trigger panic in some users and make them follow the offered link.

Hosted on a compromised website, the destination is a page made to look like Gmail’s login page, set up to harvest the users’ login credentials for their Gmail and, consequently, for all their other Google accounts, warns Sophos.

Having the same username and password for a variety of Google services makes for an extremely user-friendly experience, but it also makes the impact of a compromise of these login credentials much greater.

Users are advised never to follow links included in unsolicited emails and to make sure to always access the legitimate Google page by typing in the correct URL themselves or via their bookmarks.

Don't miss