Wednesday, June 8, 2011

Reporting phishing attempts to Google FTL!

This morning I opened what, to a less skeptical eye, might look like an absolutely valid attempt by Google to verify my Gmail account. It claimed that Google is attempting to eliminate all unused Gmail accounts1 and needed me to simply verify my details.

Now, looking at the link in the account it does go back to Google (to a hosted site on google.com) and uses a spreadsheet to collect the user's login name, password and date of birth. All things which Google would not require to verify your account.

But something a scammer would definitely like to get out of you since it would give them access to your email to look for bank mails, etc.

And that information coupled with your date of birth can give them a plethora of information to steal your identity.

So I tried to report this phishing attempt to Google. And (here's the where Google humps the fail whale) could not find any way of REPORTING a phishing attempt to Google.

Now, you might be saying:

Why didn't you click on the link to report the attempt on gmail.com?

The simple answer is: I don't use the gmail.com site to read email. I do it all through Thunderbird since I track three separate accounts.

So when I hit an email like this then I want to report it. But I can't really do that if Google doesn't give (even in the Google search results) a way to report an email phishing attempt.


1 I would expect that a legitimate attempt at doing this by Google would simply used the date last accessed to determine what accounts have aged out from lack of use and put them on a list to be deleted. Then they could just email the user a notice and, if that email were not opened after a set period, safely delete the account.