Phishing attack attempts to steal Google passwords via Red Cross website

Graham Cluley
Graham Cluley
@
@[email protected]
@gcluley

Always be careful about the links that you click on in unsolicited emails – are they really taking you where you think they’re taking you to?

That’s an important lesson for all computer users to learn, and it’s brought home by this email we intercepted overnight:

Phishing email

Subject: Re: Order

Sign up to our free newsletter.
Security news, advice, and tips.

Message body:
Thanks for the email, i have tried to send you our company profile but its not going through, so i have decide to send it via Google Docs. all email account work with Google Docs all you need to do is to click the link below and login to view the document.

Click here to View

And get back if you will like to do business with us thanks.

James

So, what do you imagine happens if you click on that link?

Well, you will end up on a website looking like this:

Google phishing webpage

At first glance, you might imagine you are logging into Google Docs to see the content from the email’s sender – but a closer examination of the URL bar reveals that this isn’t Google at all that you’re visiting, but instead a phishing page hidden away on the Ethiopian Red Cross Society’s website.

Of course, you shouldn’t enter your credentials on the page – as they are likely to end up in the hands of cybercriminals. And with so many people running their lives via Google’s online tools (email, calendars, and so forth) you can understand why it’s becoming increasingly attractive for online criminals to steal usernames and passwords from unsuspecting users.

Sophos has attempted to inform the Ethiopian Red Cross Society about the security breach on their website, and hopefully they will resolve the issue soon.

If you run a website make sure you are doing everything to keep it as secure as possible – for both your company’s sake, and that of your users. If you haven’t already done so, read this informative paper by SophosLabs, “Securing websites”, which covers some of the issues.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.