Google: No Gmail vulnerability, just phishing

Recently, there were concerns that a Gmail exploit may allow attackers to forward e-mail.

A proof of concept was posted online but Google has now denied there's any evidence of a Gmail vulnerability.

Google security engineer Chris Evans explained in a blog post that Google "mounted an immediate investigation" after the recent speculation but "results indicate no evidence of a Gmail vulnerability". With help from Gmail users Google has determined that the cause was a phishing scheme, a common method used by malicious actors to trick people into sharing their sensitive information.

Evans explains "Attackers sent customized e-mails encouraging web domain owners to visit fraudulent websites such as "google-hosts.com" that they set up purely to harvest usernames and passwords. These fake sites had no affiliation with Google, and the ones we've seen are now offline. Once attackers gained the user credentials, they were free to modify the affected accounts as they desired. In this case, the attacker set up mail filters specifically designed to forward messages from web domain providers."

Phishing attacks are becoming increasingly popular and security researchers believe social networking sites like Facebook are ideal for phishing.

Report a problem with article
Previous Story

Apple to offer discounts of up to 15% on Black Friday

Next Story

Shocking Mumbai attacks, news courtesy of Twitter

12 Comments

Commenting is disabled on this article.

i get like 1 a week in my gmail
overall ive beenhapy
i am concerned tho cause i see too often ppl having issues like dead accounts, attacks, emails lost, etc etc

I use Hotmail and have done for many years and I have not received even one piece of spam I had Gmail a few years ago and never used it. I looked at the GMail account one day and it was full of spam! :S

mocax said,
i've a gmail account that never gets any mail in over a year...

nope, none in spam too....

I don't believe that for one second. I have 3 Gmail accounts and have NEVER used 2 of them, except to store my own stuff in, and they both get about 6 junk mails a day, at a minimum.

Gmail is as bad as not so hot, hotmail. In fact, it's one of the most spammed e-mail accounts I have. There is nothing particularily great about gmail, except for the storage space.

cork1958 said,
I don't believe that for one second. I have 3 Gmail accounts and have NEVER used 2 of them, except to store my own stuff in, and they both get about 6 junk mails a day, at a minimum.

Gmail is as bad as not so hot, hotmail. In fact, it's one of the most spammed e-mail accounts I have. There is nothing particularily great about gmail, except for the storage space.

I have several name@domain accounts on gmail and none of them (but one) gets spam. 3 accounts have been unused for 3 years and they remain empty.

The one that does is a generic contact account. Being published all over the place it was obvious that it was going to be spammed hard.

cork1958 said,
There is nothing particularily great about gmail, except for the storage space.

The interface, tagging, pop and imap support, google docs integration (for opening pdfs, odf, ppt in browser), ability to customise the "from" field, using the "Mail Fetcher" to get email from other pop accounts, Sunbird calendar syncing, 20 MB attachment limit - all features that I use that make me think Gmails great and Im sure Im only scratching the surface of Gmail features.

cork1958 said,

I don't believe that for one second. I have 3 Gmail accounts and have NEVER used 2 of them, except to store my own stuff in, and they both get about 6 junk mails a day, at a minimum.

Gmail is as bad as not so hot, hotmail. In fact, it's one of the most spammed e-mail accounts I have. There is nothing particularily great about gmail, except for the storage space.


I have one gmail for about 3 years now. I NEVER had ONE SPAM. I don't log in much. Logged in once awhile to see if it still exist. And I had just tried to log in and it still exist but no single mail. I did not gave that mail out nor would I post that e-mail address publicly. Hence, that's why I never get SPAM.

cork1958 said,
There is nothing particularily great about gmail, except for the storage space.

I have to assume you've never really used gmail or you would have a completely different opinion. IMO, it's the most robust, easy to use feature laden FREE email service around. Ok, it doesn't do your dishes...so what!!

You can't be the victim of phishing unless you give out your email address, only give out your email to reliable sources and you won't get any spam. As for the possibility of a security hole, I just moved to Gmail, dam...

Not always the case. I have an email account which has never been used to send anyone any email and I still get spam to it. Admittedly it is myname@domain so has probably been targeted by using name / word lists, but still it's naive to say that if you only give out your email to reliable services you won't get spam.

thealexweb said,
You can't be the victim of phishing unless you give out your email address, only give out your email to reliable sources and you won't get any spam.


Depends... buirgbu346yguy44g6uyuovh@gmail.com would get none unless it was harvested by a spammer. dave@gmail.com would get a whole pile even if its not harvested just because its a common name.

Surely if someone who has your email has there account fail victum to spammers/scammers they may get your address that way.

Thereby I've only given my email to someone I trust, who fell victim to a scam or had their pc has some spyware on then my email address would be at risk.