Yesterday I got an email in my Gmail inbox that was in Chinese but there was something suspicious in the email. It seemed like it was sent from Gmail itself. So I decided to investigate the issue.Let’s first look at the email that I received.
I have translated it into English using Google translator. Here’s the translation:
From: Gmail team <firstname.lastname@example.org>
Subject: notice: Dear users, Hello! Please check your mail! Award-winning serial number: 81912064
Hello! Your mailbox name has been selected! Were double-kind gift!
Please pick up your award received! Please verify with code: 8858
Click the Google site query! e-mail-google.Co.CC
Note: Please keep the above information, to inform!
Notice to the Gmail team
Winning number: 81912064
There are 3 things to note in the email:
1- From which email address the mail was sent.
2- To which email address the mail was sent.
3- Any suspicious links in the email.
Although the sender’s name has been specified as “Gmail Team”, the mail was actually sent from email@example.com which clearly means that it has not been sent from the Google domain and it certainly is not from the Gmail team.
Second thing to note is that this email has not been sent to me. If it were sent to me, my email address should have been in to To: field. It was sent to the same email address firstname.lastname@example.org meaning that I would have been somewhere in the BCC: field.
The third thing to note that there is a link given in the email that looks very similar to Google’s. A person can easily fall into the perception that this is a Google link. When I click on this link it takes me to a page very similar to Gmail. And now I have understood that if I enter my Google username and password into the page, it will be sent to the malicious user behind the page.
We should be very careful whenever we are entering our user credentials. Let me tell which URL to trust and which not to trust. All the modern browsers include a feature that distinguishes normal URLs with the SSL enabled URLs. If you open an SSL enabled URL, the browser will show a Lock sign at the end of the URL. And if you click on that URL, it will show you the exact identity of the site. Below is the example of Gmail.com opened in Google Chrome showing the identity of the URL as it is from www.google.com, a trustworthy source.
Here are a few useful links from Google about the Gmail security and scams: