Dishing Tech


02 July 2012

Hijacked Google Account...Almost



I came close to having my Google account hijacked today from a phishing attempt. I am quite careful and smart when it comes to these types of attacks. I let my guard down in this instance. I was extremely sleepy and after some Googling it looked legitimate, so I clicked on the link to reject the request. My Google Chrome browser should have informed me that it was a suspected phishing site, but clearly it wasn't identified quickly enough.


Looks Legitimate, even the favicon.



This is what was sent to me via email:

Hi XXXXXXXXX@gmail.com,

Your Request to grant <harryn_1965@gmail.com> access to read, delete and send mail on your behalf.

---
To learn more about why you might have received this message, please
visit: http://mail.google.com/support/bin/answer.py?answer=138350.

Please do not respond to this message. If you'd like to contact the Gmail Team, please log in to your Gmail account and click 'Help'. 

Little did I realise that the links didn't point to mail.google.com at all but were masked; a simple hover over the link would have told me so:


http://accounts.config.signin.atomoprodu.copymailce887.venezuelamu.com/?name=XXXXXXX@gmail.com



I should have looked at what email address it was sent from: accounts-noreply <account_upgrade@goglemail.com>. Last time I checked, Google was spelled with two O's. I am also lucky to have different passwords for all my online accounts (I use 1Password). If you have the same password for many of your different online accounts you would be screwed. Luckily I was able to change my password immediately, and anyone who was stung, please change your password ASAP. I have also moved to a much more secure option: Google Two-Step Verification. In a nutshell, this means I have separate Google-generated passwords for each non-browser app I have. Not only would hackers need to get your password, they would also need my phone to do so. This is a much more secure option. It does take some setting up, but it is all in the name of security and it is worth it.


Here is some additional info:
Received: by 10.142.234.12 with SMTP id g12csp51535wfh; Mon, 2 Jul 2012 04:14:12 -0700 (PDT)
Received: by 10.236.114.161 with SMTP id c21mr15094357yhh.51.1341227651682; Mon, 02 Jul 2012 04:14:11 -0700 (PDT)
Received: from spud.databrook.net (245.subnet-66-44-210.ellijay.com. [66.44.210.245]) by mx.google.com with ESMTP id b26si9348059yhe.124.2012.07.02.04.14.10; Mon, 02 Jul 2012 04:14:11 -0700 (PDT)
Received: from 66.subnet-66-44-216.ellijay.com ([66.44.216.66]:39884 helo=rivexch.riverstone.domaincontroller.com) by spud.databrook.net with esmtp (Exim 4.69) (envelope-from <account_upgrade@goglemail.com>) id 1Slea1-0002CY-RE for adrian161985@gmail.com; Mon, 02 Jul 2012 07:14:09 -0400
Received: from 26-82-162-69.static.reverse.lstn.net ([69.162.82.26]) by rivexch.riverstone.domaincontroller.com with Microsoft SMTPSVC(6.0.3790.4675); Mon, 2 Jul 2012 07:14:10 -0400
Return-Path: <account_upgrade@goglemail.com>
Received-Spf: temperror (google.com: error in processing during lookup of account_upgrade@goglemail.com: DNS timeout) client-ip=66.44.210.245;
Authentication-Results: mx.google.com; spf=temperror (google.com: error in processing during lookup of account_upgrade@goglemail.com: DNS timeout) smtp.mail=account_upgrade@goglemail.com
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_001_66F1_54D34CDB.64E60CD1"
X-Mailer: Smart_Send_2_0_132
Message-Id: <32561936506961321122408@vps>
X-Originalarrivaltime: 02 Jul 2012 11:14:10.0287 (UTC) FILETIME=[CDD3B7F0:01CD5843]
X-Acl-Warn: {
X-Antiabuse: This header was added to track abuse, please include it with any abuse report
X-Antiabuse: Primary Hostname - spud.databrook.net
X-Antiabuse: Original Domain - gmail.com
X-Antiabuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-Antiabuse: Sender Address Domain - goglemail.com
X-Source: 
X-Source-Args: 
X-Source-Dir: 
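
The warning signs in this message (a look-alike sender domain, an SPF result that is not a pass, and a link whose text and target disagree) can be checked mechanically. The Python below is an added example, not part of the original post; the TRUSTED list, the distance threshold of 2 and the function names are assumptions, and the header lines and URLs are copied from the post.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

# Assumption: domains this kind of notice could legitimately come from.
TRUSTED = {"google.com", "gmail.com", "googlemail.com"}
# Header lines and URLs copied from the post above.
HEADERS = """Return-Path: <account_upgrade@goglemail.com>
Authentication-Results: mx.google.com; spf=temperror (google.com: error in processing during lookup of account_upgrade@goglemail.com: DNS timeout) smtp.mail=account_upgrade@goglemail.com

"""
SHOWN_URL = "http://mail.google.com/support/bin/answer.py?answer=138350"
REAL_URL = "http://accounts.config.signin.atomoprodu.copymailce887.venezuelamu.com/?name=XXXXXXX@gmail.com"

def edit_distance(a, b):
    """Levenshtein distance, used to spot look-alike domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def base_domain(host):
    """Last two labels of a host name (naive: ignores suffixes such as co.uk)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def check_message(raw_headers, shown_url, real_url):
    """Return a list of warning strings for one message."""
    msg = message_from_string(raw_headers)
    findings = []
    sender_dom = base_domain(parseaddr(msg.get("Return-Path", ""))[1].rpartition("@")[2])
    near = sorted(t for t in TRUSTED if edit_distance(sender_dom, t) <= 2)
    if sender_dom not in TRUSTED and near:
        findings.append(f"look-alike sender domain {sender_dom} (near {near[0]})")
    spf = re.search(r"\bspf=(\w+)", msg.get("Authentication-Results", ""))
    if not spf or spf.group(1).lower() != "pass":
        findings.append(f"SPF not pass: {spf.group(1) if spf else 'missing'}")
    shown, real = (base_domain(urlsplit(u).hostname or "") for u in (shown_url, real_url))
    if shown != real:
        findings.append(f"link text shows {shown} but points to {real}")
    return findings

if __name__ == "__main__":
    for finding in check_message(HEADERS, SHOWN_URL, REAL_URL):
        print("WARN:", finding)
```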
