Google engineers have posted a detailed explanation saying that the recent domain-hijacking incidents were caused by phishing and not by any security flaw in the Gmail software.
According to Google, attackers sent e-mail messages to web domain owners asking them to visit fraudulent websites, such as "google-hosts.com", with the purpose of collecting their Google login credentials. Once they had access to the Google mail accounts, they set up filters designed to forward e-mail conversations with web domain providers.
To prevent such a thing from happening to your own Gmail (or other web e-mail) account, Google recommends:
1. Always use HTTPS when accessing Gmail. This can be changed from the "Settings" > "General" tab in your Gmail interface.

2. Double-check the URL, and only enter your Gmail sign-in credentials if the web address begins with https://www.google.com/accounts.

3. Keep an eye on your filters via the "Settings" > "Filters" tab and look out for suspicious filters.

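The following is an added example, not code from the original article or from Google, showing how recommendations 2 and 3 look as automated checks. The URL check accepts a sign-in page only when the scheme is https and the host is exactly www.google.com with an /accounts path, so lookalike hosts such as the "google-hosts.com" mentioned above fail. The filter audit runs over a constructed, simplified list of mail filters (an assumed representation, not Gmail's own export format) and flags any filter that forwards mail to an address the account owner does not control, noting whether the filter also deletes the message, which would hide the forwarding from the owner.

```python
"""Defender-side checks for recommendations 2 and 3 (added example)."""
from urllib.parse import urlsplit

# The trusted sign-in location from recommendation 2.
SIGN_IN_HOST = "www.google.com"
SIGN_IN_PATH_PREFIX = "/accounts"


def is_trusted_signin_url(url: str) -> bool:
    """Return True only for https URLs whose host is exactly www.google.com
    and whose path starts with /accounts."""
    try:
        parts = urlsplit(url)
    except ValueError:
        return False
    if parts.scheme.lower() != "https":
        return False
    # .hostname drops userinfo ("user@") and the port and lowercases the host,
    # so "https://www.google.com@other-host/" resolves to "other-host", not Google.
    if parts.hostname != SIGN_IN_HOST:
        return False
    return parts.path.startswith(SIGN_IN_PATH_PREFIX)


# Constructed sample filters in an assumed, simplified shape (not Gmail's format):
# each filter has a match condition and a list of actions.
SAMPLE_FILTERS = [
    {"id": "f1", "match": {"from": "newsletter@example.com"},
     "actions": [{"type": "label", "value": "News"}]},
    {"id": "f2", "match": {"from": "support@registrar.example"},
     "actions": [{"type": "forward", "value": "drop@attacker.example"},
                 {"type": "delete"}]},
    {"id": "f3", "match": {"subject": "domain transfer"},
     "actions": [{"type": "forward", "value": "me@example.com"}]},
]


def audit_filters(filters, own_addresses):
    """Flag filters that forward mail to an address outside own_addresses.

    Returns one finding per suspicious filter with the external targets,
    the match condition, and whether the filter also deletes or archives the
    message (hides_copy), which keeps the owner from noticing the forward.
    """
    own = {addr.lower() for addr in own_addresses}
    findings = []
    for f in filters:
        forwards = [a["value"].lower() for a in f["actions"]
                    if a["type"] == "forward"]
        external = [addr for addr in forwards if addr not in own]
        if not external:
            continue
        hides = any(a["type"] in ("delete", "archive") for a in f["actions"])
        findings.append({"id": f["id"], "forward_to": external,
                         "hides_copy": hides, "match": f["match"]})
    return findings


if __name__ == "__main__":
    for candidate in ("https://www.google.com/accounts/ServiceLogin",
                      "http://www.google.com/accounts",
                      "https://google-hosts.com/accounts"):
        print(candidate, "->", "trusted" if is_trusted_signin_url(candidate) else "REJECT")
    for finding in audit_filters(SAMPLE_FILTERS, {"me@example.com"}):
        print("suspicious filter:", finding)
```

The URL check deliberately parses the address instead of comparing strings, because the host is the part that matters: a page on any other host, however much of "google.com" appears in its name, is rejected. The filter audit treats a forward to an owner-controlled address (filter f3) as normal and only reports f2, which forwards registrar mail elsewhere and deletes the local copy.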
You can even consider using OpenDNS since it can block suspected phishing websites.
Find this article at: http://www.labnol.org/internet/email/google-phishing-mails-responsible-for-domain-hijacking/5578/
Reader Comments
I used to manually change the URL to HTTPS every time… didn’t realize there is a simple way to do this!
Excellent tips!! Thanks!
Written by Vinayak on 11.26.08
I’d still like to know exactly how the usernames and passwords were extracted. I find it hard to believe that so many people would give it up so easily. It seems more likely to me that the user/pass info was pulled from the web browser somehow, or extracted from a faulty browser add-on. Anyone have details on this?
Written by geekamongus on 11.26.08
Do we have a hijack threat if we just visit some websites? As long as we don’t enter the login data on some pages, there is no such threat, right?
Written by Arun Basil Lal on 11.26.08