0

I have just received an email from a close friend, which had "Pionee Red" as the subject, and the following body:

you've a new private message from your friend
Click To View The Full Message

As I hovered over the link, the following address appeared:

http://107.183.127.168/l/?gapaxobi=xayimasodo&batipikumemajojipo=&id=d2lsc29ubWFyYXZpbGhhQGdtYWlsLmNvbQ==&xuranoteyu=d2lsc29ubWFyYXZpbGhh

When I followed the link (from my VM), it took me to the screen below:

Very Fake Google Login Page

Where the email field was pre-filled with my actual email (not the one in the screenshot)

I went a little further and navigated to the IP contained in the original URL to see where that led, and it redirected many times before it finally took me to 

http://www.kiss4you.com/

...where I was invited to Date Crazy in Happy Hours with more than 30 000 thousands of Beautiful Girls from Russia

Is that even a number? Crazy stuff. Anyway, what I wanted to ask is:

  1. How badly might my friend's account be compromised?
  2. Which security steps should we take?
  3. Should we submit some sort of report anywhere about this?
Wilson Canda
  • 103
  • 4
  • Define "went a little further". If you logged in, *you* might have gotten compromised. That's not a google login page. (Google would be using SSL and a google.com domain, for starters.) – cHao Jun 22 '14 at 17:08

2 Answers2

1

This is a classic phishing attempt. Your friends email will most likely have been compromised the same way as you were. First of all:

  • Change your gmail password immediately
  • Change all passwords which may have been linked to your gmail account (websites where you registered, etc...)

The website used is probably also compromised and is just used as webserver to harvest these emails.

For reports, you can get a police report if there is chance that sensitive personal information is breached, such as passport or ID copies, driver license, credit cards, etc... . Then it's best to make an official complain with the police. This will cover you should any fraud happen in the future that might get linked back to this.

Lucas Kauffman
  • 54,229
  • 17
  • 113
  • 196
1

I must say that I am quite baffled by this description. How could you, physically, date 30000 girls ? The logistical issues look daunting. You'd have to rent a fair-sized stadium just to have enough room for all of them. Some sort of communication network would be needed for conversation, with a strict speaking-time schedule. And what if they all order the lobster ?

As for your phishing attempt, well, it is a phishing attempt. I receive dozens of these every day (the joy of running your own SMTP server: no upstream filter...). The freaky part, the one which prompted you to write this answer, is of course that the email's apparent sender is someone you know.

Of course it is possible that your friend's computer or account got hacked into, and your address was found in his address book. It is also equally possible that the computer of a third person, who had both your friend's email and yours in his address book, got hacked. Phishers never send emails under their true name; they reuse their list of target addresses. Remember that they send such emails by the million; they don't have time to be subtle. Impersonating the sender's address of an email is trivial.

Level 0 phishers just use a random address in their big list of emails as sender. More advanced phishers select a new random address for each outgoing email (otherwise, antispam filters may notice the huge amount of emails with the same sender). Really advanced phishers try to somehow correlate addresses based on various criteria (email domain, same family name, system from which the email was plundered...) so as to increase the probability that someone like you happens to know the apparent sender (which makes it more probable that you will "click through" and, Heaven forbid, enter your password).

Community
  • 1
Tom Leek
  • 170,038
  • 29
  • 342
  • 480