September 15, 2004 9:41 AM PDT

Scammers use Gmail invite as phishing hook

Scammers have caught on to the allure of Gmail and are using the Google e-mail service for a "phishing" scam to harvest e-mail addresses and passwords.

For the fashion-conscious techie, a Gmail account seems to be a must-have status symbol. The free service, which is not yet widely available, has even provoked people to try to sell their Gmail addresses on eBay.

Phishing schemes commonly involve e-mail requests for information that seem to be from trusted sources such as eBay or Citibank. In this case, the scammers send the phishing e-mail to existing holders of Gmail accounts, offering them the opportunity to invite three or six of their friends to join Gmail. The body of the e-mail reads "I found this e-mail very weird."

It continues to read: "The Gmail Team is proud to announce that we are offering Gmail free invitation packages to the existing Gmail account holders. By now you probably know the key ways in which Gmail differs from traditional webmail services. Searching instead of filing. A free gigabyte of storage. Messages displayed in context as conversations. Just fill in the form below to claim your free invitation package."

The "Gmail Team" asks users to give away their Gmail addresses and passwords to get the invites.

The e-mails are currently able to make their way through Gmail's spam filters, but the Gmail fraternity is fighting back by publicizing the con on messageboards and in forums.

For those account holders genuinely given Gmail invites to hand out by Google, a click is all it takes to get a friend onboard. A message saying "You have 6 Gmail invitations. Invite a friend to join Gmail!" appears in the user's status bar, for example.

Why the scammers are after the usernames and passwords is, as yet, unclear. One possibility is to use the accounts to send spam. Another is the potential to search though the e-mail messages for any financial details left lying around in e-mails. With up to a gigabyte of storage per account, that's a lot of e-mail to trawl though.


Join the conversation!
Add your comment
Passwords? Obvious scam
The fact that the messages ask for passwords is a obvious scam. No email service would ask for that, not usually I wouldn't think anyway.
Posted by pentium4forever (192 comments )
Reply Link Flag
But it does work
The scheme may seem easy to spot, but it does work. I worry every time I get a new (5 year old) chainmail from my mother in law that tells me Bill Gates is going to give me a thousand dollars to forward t his email...

It won't be long before they present a website where the user is presented a fake GMail website that requests them to login. It is already done for EBay and PayPal. This is the problem of popularity on any site.

Any time you have something you desire, someone else might desire it as well and will devise a way to steal it from you.
Posted by (46 comments )
Link Flag
Who are these people?
I'm usualy not so insesitive but people should know by now. If they give out their email adress AND password they deserve to get dumped on with spam. They should thank their stupid butts that's all they get.
Posted by (1 comment )
Reply Link Flag
More obvious reason
The most obvious, effortless and profitable reason I can see for stealing a G-Mail account would be to auction it off. It only stands to reason that with prices for gmail accounts on ebay falling people would need to increase supply and sell them in bulk to keep their profit margin.

I really dont buy the spam theory myself.. seems an awful lot of trouble to go through to get an email account with a lot of space to *recieve* emails when you only intend to *SEND* emails from it. You can send thousands of emails a day from any account even one with no storage space.
Posted by Fray9 (547 comments )
Reply Link Flag

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot



RSS Feeds

Add headlines from CNET News to your homepage or feedreader.