Gmail Notifier Exploit

• Posted by Brent on November 3, 2007 18:26
• Comments (3)

 I use Gmail a lot for certain email addresses that I need to have access to from anywhere - and I also use Gmail Notifier. GMail notifier is a desktop application that checks for new email in the account logged in to, and displays a message and changes it's icon when there is new mail - similar to Outlook 2003 + .  

Well, early today I was browsing through a bunch of  let's say - questionable websites, looking for a very specific piece of information. I wasn't really paying a lot of attention to all the pop-ups 'cause I knew I was in a bad neighborhood ( i can't stand pop-up blockers). I also have pretty decent security on the machine I was surfing with - so I felt confident.  After I found what I wanted - I began closing windows. One of them was very familiar looking. It was an HTML duplicate of the Gmail Notfier login window pictured in this post. One of the sites I surfed through popped it up trying to get me to enter my Gmail account information. I can see how this must be working pretty well for them. The real GMail Notifier pops-up in a small nearly indentical window too. The HTML version was very close to a real G-Mail window in appearance, feel, and function. If I weren't a web developer myself I might have fallen for this trick. I wish now that I was paying more attention to the sites I was visiting or would have thought to take a screen shot while the window was up - but I didn't.

Anyway, just be warned. There are people out there faking GMail Notifier login's to try and steal your GMail login - most likey to get your friends email addresses to sell to spammers.