Monday, September 12, 2011

Phishing Attack: Using redirection

An escalation in phishing attempts coming to my Gmail account has come to my attention. In 4 days I got 3 emails that managed to pass the spam protection. They all claimed they were my Twitter friends and that they found someone faking my account, my Twitter picture, Twitter avatar and what not.

I always inspect the URL before clicking because I want to explore the vulnerabilities (of course the safest thing to do is just to report as spam anything looking suspicious). So I took a look at them and they were all referring to well known websites that are "offering free redirection services". I hope this is just a bug in and Do not hit the urls below before reading the rest of this post. Here are the URLs:

Open Firefox and delete all your cookies. Failure to do that will probably compromise things like your google/gmail account.

If you take a look at the traces you will notice there were attempts to get some stuff from If you are logged into gmail or other google services your cookies for will be compromised and the intruder could fake your session resulting in identity theft.
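The URL inspection described above can be scripted. The Python sketch below is an added example, not part of the original post: it flags links whose query parameters carry an absolute URL on a different host, which is the shape of a link that abuses a site's redirection service. The function name and the sample links are constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qsl, unquote

def embedded_redirect_targets(link):
    """Return (parameter, target_host) pairs for parameter values that are
    absolute URLs pointing at a different host than the link itself."""
    outer = urlsplit(link)
    outer_host = (outer.hostname or "").lower()
    findings = []
    # A redirect target usually rides in the query string, sometimes in the fragment.
    for part in (outer.query, outer.fragment):
        for name, value in parse_qsl(part, keep_blank_values=True):
            candidate = value.strip()
            # parse_qsl decoded once; undo up to two more layers of percent-encoding.
            for _ in range(2):
                if "%" in candidate:
                    candidate = unquote(candidate)
            # Scheme-relative targets ("//host/path") are still absolute for a browser.
            if candidate.startswith("//"):
                candidate = "http:" + candidate
            try:
                inner = urlsplit(candidate)
            except ValueError:
                continue  # not parseable as a URL, ignore
            if inner.scheme.lower() not in ("http", "https"):
                continue
            inner_host = (inner.hostname or "").lower()
            # Simplification: exact host comparison, so sibling subdomains are flagged too.
            if inner_host and inner_host != outer_host:
                findings.append((name, inner_host))
    return findings

# Constructed sample links (placeholder domains, not the URLs from the emails).
SAMPLES = [
    "https://www.example.com/url?q=http://login.example.net/verify&sa=D",
    "https://www.example.com/out?next=https%253A%252F%252Fcdn.example.org%252Fa",
    "https://www.example.com/profile?next=/settings",
    "https://www.example.com/go?u=https://www.example.com/help",
]

if __name__ == "__main__":
    for link in SAMPLES:
        hits = embedded_redirect_targets(link)
        print("SUSPICIOUS" if hits else "ok", link, hits)
```

A flagged link is only a prompt to look closer: a trusted hostname at the front says nothing about where the browser ends up.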

