I Almost Fell For It!

If you fell for this, here’s what happened. Your Google password is owned. You’ve installed software that probably also controls your computer and owns your other passwords.

I don’t want to hurt myself patting my own back, but I’m pretty good at sniffing out scams. Today I came perilously close to falling for one. Bravo to the scammers. You’re getting better.

It started with an email from a friend I haven’t spoken to in a long time. Actually, the email said I had a message from her via Whats App. I have Whats App installed, but don’t use it.

So far, plausible.

We-missed-you---geoff.fox-gmail

I clicked the green “Play” button and was asked to sign in to my Gmail account. Again, this is something that happens… but I don’t give up my password easily. I looked closely and noticed the password page didn’t have a green lock next to it.

Bad sign!

Gmail (and Facebook and Twitter) always have a green lock. The green lock assures you the connection is secure and from the company listed.

Gmail-w1920-h1400

I continued to log in but with a phony password. I wanted to see where this led.

YouTube-w1920-h1400

Next screen was an install page for Flash. If the flashing red lights weren’t already going off, this would do it!

If you fell for this, here’s what happened. Your Google password is owned. You’ve installed software that probably also controls your computer and owns your other passwords.

I opened up the web pages. They’re reasonably well written code. All the images are served from their rightful owners websites. In other words, Google, Twitter and Whats App (among others) are paying for the bandwidth to run this scam!

How the hell did this get past Gmail’s filters? At least it didn’t get past mine.