So I’ve been getting a lot of these lately:
It’s an e-mail (often from a @zoho.com address), sending what looks like an article from El Universal, the Venezuelan newspaper. Oh, here’s one that specifically tries to look like it’s from El Universal:
Anyway, the links (and you DO know not to click links in unsolicited e-mails, don’t you?) go to pages at gmailsecurity.org. The pages look like Google Drive or Youtube, but they contain a script asking the reader for his Google password. They are most definitely not real Google pages, though they do use the Google API. (Hello, Terms of Service violation!)
These are normal phishing attacks, and while I thought it vaguely interesting that someone was spamming a Venezuela-related audience with Venezuela-related phishing attacks, it still didn’t strike me as a very big deal. Now today, I just got a personalized one.
Note that it’s addressed specifically to me. That’s real live spear-phishing. I’m honoured, though I find it rather odd. All I do is find out facts and, once in a blue moon, put them on the Internet. It’s really not such a big deal. Rather pathetic that my actions make someone so uncomfortable. Anyway, I hope that the recipient of the form field enjoys knowing the password to the empty Google account I created for the occasion.
In case you’re wondering, the Escotet information was just the first few paragraphs of this. Nothing new or private, I assure you.
Moral of the story is, don’t click mystery links.