Scammers use Gmail invite as phishing hook

For the fashion-conscious techie, a Gmail account seems to be a must-have status symbol. The currently invite-only service has even provoked people trying to sell their Gmail addresses on eBay. Now the scammers have caught on and are using the Gmail allure for a phishing scam to harvest email addresses and passwords.

Scammers send the phishing email to existing Gmail account holders, offering them the opportunity to invite three or six of their friends to join Gmail. The body of the email reads "I found this email very weird." It continues to read "The Gmail Team is proud to announce that we are offering Gmail free invitation packages to the existing Gmail account holders. By now you probably know the key ways in which Gmail differs from traditional webmail services. Searching instead of filing. A free gigabyte of storage. Messages displayed in context as conversations. Just fill in the form below to claim your free invitation package."

Of course, the 'Gmail Team' ask users to give away their Gmail addresses and passwords to get the invites.

The emails are currently able to make their way through Gmail's spam filters but the Gmail fraternity is fighting back by publicising the con on messageboards and in forums.

For those account holders genuinely given Gmail invites to hand out by Google, a click is all it takes to get a friend onboard. A message saying "You have 6 Gmail invitations. Invite a friend to join Gmail!", for example, appears in the user's status bar.

Why the scammers are after the usernames and passwords is, as yet, unclear. One possibility is to use the accounts to spam from. Another is the potential to search though the email messages for any financial details left lying around in emails - with 1GB of storage, that's a lot of email to trawl though.

A Google spokeswoman said: "I can confirm that the message(s) did not come from us and that we're taking steps (flagging messages that appear to us to be phishing emails) to help protect users from phishing scams."

Google's website adds: "Google is currently testing a service designed to alert Gmail users to messages that appear to be phishing attacks. When the Gmail team becomes aware of such an attack, the details of these messages are used to automatically identify future suspected phishing attacks. The result: when a Gmail user opens a suspected phishing message, Gmail displays a warning."