a scam i recon

> 10 years ago
gibberjoe
SA, 956 posts
17 Nov 2013 8:02am
this was in my inbox today so hasn't copied all such as a similar name, but not quite the same............

Gmail Team
1:18 AM (5 hours ago)

to me
Welcome to Gmail! You can login to your account at accounts.google.com/ServiceLogin?service=mail&passive=true&rm=false&continue=https://mail.google.com/mail/&ss=1&scc=1&ltmpl=default&ltmplcache=2&emr=1&osid=1#

Here are a couple of tips to help you get started:

Use Gmail's import tools to move mail and contacts from your other email accounts to your new Gmail address.
Download the mobile app for Android or iPhone and iPad to stay connected on the go.
Should you ever encounter problems with your account or forget your password we will contact you at this address.

Enjoy!

The Gmail Team


If you didn't create this Gmail address and don't recognize this email, please visit: accounts.google.com/AccountDisavow?adt=AOX8kir8iA7bOgsQ4W6qZYV0YabX2mAiKQP0InKUWBr0JVzEcWG0u8U to unlink this account.
FormulaNova
WA, 15105 posts
17 Nov 2013 6:22am
Usually these types of scams have links in them that are not to where they are supposed to be. If you move your mouse pointer over the link, usually your browser will show where the link points to, down on the bottom left of the screen. On these scams, this will show that the links are actually going somewhere else.

Check it out, and it's highly likely this is the case

Haydn24
QLD, 473 posts
17 Nov 2013 5:17pm
I don't see anything wrong with the email or the links?
Sailhack
VIC, 5000 posts
17 Nov 2013 6:50pm
Gj, you haven't recently got a website designed have you? I got the same email last week as a mate was setting up a website for my work.
gibberjoe
SA, 956 posts
17 Nov 2013 7:31pm

at a very quick look it seemed probable, but they spelt my name incorrectly and that gave it away to me at least

however some of the text they sent did not copy and paste. But the basics are there..No new sites of late
FormulaNova
WA, 15105 posts
17 Nov 2013 5:02pm
Haydn24 said..

I don't see anything wrong with the email or the links?



You can't actually see the destination of those links. Just because the text says something doesn't mean the actual hyperlink gets sent there. In a scam email, it's an easy way for them to look like they are a bank or something else.. until you move the mouse over the link and see where it's actually pointing.


Cut and paste only picks up the text you can see, not the underlying hyperlinks.
kiteboy dave
QLD, 6525 posts
17 Nov 2013 7:15pm
Links are fine "giobberjoe". HTTPS links..ie secure.. To gmail.
Very very well done if anything fishy going on there.
Sailhack
VIC, 5000 posts
18 Nov 2013 10:06am
gibberjoe said..


at a very quick look it seemed probable, but they spelt my name incorrectly and that gave it away to me at least

however some of the text they sent did not copy and paste. But the basics are there..No new sites of late


Maybe it wasn't intended for you if the name was spelled wrong? As KD mentioned - the links 'seem' legit.

Some poor 'Gibberjon' is patiently awaiting his gmail confirmation, but sadly...it will never arrive.
That would be my guess.
FormulaNova
WA, 15105 posts
18 Nov 2013 8:24am
I feel like I have to mention it again. Things that appear to be legitimate links, may not be because HTML can have a different title for the link itself. It is the title that you actually see on the screen, but you don't see what the link really is until you hover the mouse pointer over it.

From what GibberJoe has copied, you can't tell if they are legitimate or not. There are lots of emails like this that usually have something like 'your account has been declined' or something similar, and have links that look like they are to banks or something similar.

I would post something here to show you guys, but it looks like we can no longer post HTML direct to seabreeze.


Edit: Just found an email as an example:


Dear Westpac Customer,

Our data base has detected an un-usual activity, or another computer accessing your
online banking accounts. As a result your online banking has been limited. Please follow
access below to ascertain ownership.

http://www.westpac.com.au/banking/IdentityManagement/November2013

Westpac Customer Service

Please do not respond to this message. You are receiving this email because you
signed up for alerts through Westpac Internet Banking.


When you hover over the link that looks like a legitimate Westpac link, it actually shows you this is where it's going to go:

fdweABBAddf.info-onhhhhhline.knowsitall.info/westsecure/

I threw some other characters in there, just to make sure no one gets there!
Sailhack
VIC, 5000 posts
18 Nov 2013 11:40am
Formula, you can mention it again if you like - but most of us here (I assume) know how links work and aren't completely pc illiterate as you seem to be assuming. The link (when hovering) shows a legit link to google accounts and therefore seems to be a case of the email not going to the intended recipient...at a guess.
FormulaNova
WA, 15105 posts
18 Nov 2013 8:44am
Sailhack said..

Formula, you can mention it again if you like - but most of us here (I assume) know how links work and aren't completely pc illiterate as you seem to be assuming. The link (when hovering) shows a legit link to google accounts and therefore seems to be a case of the email not going to the intended recipient...at a guess.



Sailhack, sad to say, I am not so sure if you are computer literate enough. If you were 100% on the ball, you would realise that GibberJoe's paste is just text. It is what he has seen on the screen or email, and not necessarily the underlying html. Seabreeze won't let you post that.

As Seabreeze won't let you post HTML, of course the links match what the text says. My example I posted above is a real example that has arrived in my inbox, but when I paste it here, only the text gets pasted, so it looks correct.

Edit: Just to show you that what you see is not necessarily what you get, this is the HTML source for the email that I pasted above:

< DIV>
< A href="h ttp://fdwedBAHABdf.info-online.knowsanonitall.info/westsecure/"><FONT color=#0000FF>< I>< U>h ttp://www.westpac.com.au/banking/IdentityManagement/November2013< /I>< /U>< /FONT>< /A>< / DIV>
< DIV>


The 'href' is what you are actually going to be sent to, even though the link shows the westpac stuff.



Sailhack
VIC, 5000 posts
18 Nov 2013 12:38pm
You may be right Formula...but I'm using Chrome and Gibber's links are working fine - not showing as simply text, but actual links directing to the Google accounts page. As said, it looks fine to me, but I'm not saying that some clever hacker hasn't made up a mirror webpage of google?! I just can't pick it.
FlySurfer
NSW, 4460 posts
18 Nov 2013 1:04pm
I got scammed recently (2nd time in my life)... very upset about it .

I was buying health supplements from site X, had to pay via WU (don't ask).
Bastards took my money and didn't reply. I tried to take down their site but their host ccihosting has some sophisticated DDoS prevention, I created an AWS script to provision and deprovision VM's (so as to get new IP's in different regions) that would DDoS both the DNS and the IP, but ccihosting blocked the whole AWS IP range that I had available.

I managed to take it offline for ~10mins. All my other vectors of infiltration failed too.

I've given up now.
Sailhack
VIC, 5000 posts
18 Nov 2013 1:10pm
^^^ que?
FormulaNova
WA, 15105 posts
18 Nov 2013 10:16am
Sailhack said..

You may be right Formula...but I'm using Chrome and Gibber's links are working fine - not showing as simply text, but actual links directing to the Google accounts page. As said, it looks fine to me, but I'm not saying that some clever hacker hasn't made up a mirror webpage of google?! I just can't pick it.



Sailhack, I think the bit you are missing is that a clever scammer can easily use legitimate text and links, so the email looks real. It's only when you hover the mouse over that you will see the actual link destination.

As GibberJoe has pasted text into seabreeze, no HTML information is imported. The default then is that the links actually point to where the text says they do.

There is nothing wrong with the text that GJ posted, but the original email probably has links off to some dodgy site. GibberJoe if you are listening, you can view the source of the email, and it should show you if the links are actually pointing off somewhere else.

A scammer could easily make a mock-up of a website, say Westpac, and then ask for you to confirm your credit card details "to reactivate your account". After that, it could redirect you to the real Westpac site, and you would be confused, but it would look real.


Sailhack
VIC, 5000 posts
18 Nov 2013 1:35pm
FormulaNova said..


As GibberJoe has pasted text into seabreeze, no HTML information is imported. The default then is that the links actually point to where the text says they do.


OK, I didn't realise this as we used to be able to import HTML - (used to be great fun for pranking members to different links than where they thought they were getting directed to). So you're saying that the email link that we see on Gibber's post, being a legit link as it simply forwards the person to the linked text, may not be what Gibber has on his email. Only he will know? Thanks for the explanation.
sn
WA, 2775 posts
18 Nov 2013 11:12am
FlySurfer said..
ksjhewkhgkwvfnkwknqkdnkwfvkqwhncydmqfynicnfinyvwlgcemawhqoirewhivhewlh;lfh


well thats what it sounded like to me

stephen


Carantoc
WA, 7285 posts
18 Nov 2013 11:13am
Sailhack said..

^^^ que?


FlySurfer said..

I got scammed recently (2nd time in my life)... very upset about it .

I was buying health supplements...

.


FlySurfer meant..

I was trying to buy some erectile dysfunction pills and penis growth cream from a dodgy internet porn site and I got a computer virus.

Now my Mum gets sent random dirty pictures and I have had to try to cover my tracks.

But she still found out about it so

I've given up now


Haircut
QLD, 6491 posts
18 Nov 2013 9:49pm
it seems that large or reputable business email etiquette is to never include their login links in their emails, and encourage you to only ever login via their home page (e.g. you type their website in the URL bar). it's probably safe to say that if an email includes a login link, it's most likely phishing (a scam)

password reset emails may include a form of login link, but if you've never requested a password reset, then that's likely a scam email too