Trouble Nags Google for Tagging China in Gmail Phishing Scam
Search giant Google was just trying to stir political turmoil when it accused Chinese government officials of hacking Gmail accounts of certain individuals in earlier phishing scams that erupted last week, according to a Chinese Communist newspaper.
People’s Daily slammed Google for implicating China in the recent phishing scams that targeted specific individuals, including senior US government officials, Chinese political activists, officials in several Asian countries (predominantly South Korea), military personnel, and journalists.
A phishing scam would dupe end-users into giving up their credentials by spoofing legitimate Web sites, granting hackers access to their accounts. Afterwards, users are redirected to the legitimate site, not knowing they have already provided their log-in data to phishers.
In turn, these credentials can be used for financial gains. Sophos technology consultant Graham Cluley said the phishing scams would direct users to a spreadsheet on Google Docs.
Google claimed it originated from Jinan, China. In a blog post, Google said: “The goal of this effort seems to have been to monitor the contents of these users’ emails, with the perpetrators apparently using stolen passwords to change peoples’ forwarding and delegation settings.”
Subsequently, Google claimed that it traced the phishing attacks on Gmail accounts to China after it had disrupted the attacks.
However, Hong Lei, spokesman for China’s Ministry of Foreign Affairs, described the implication as coming “out of thin air” and “unacceptable.”
Lei denied allegations that Chinese government officials were involved in the phishing attacks.
Similarly, People’s Daily claimed Google was just trying to stir political unrest between China and USA.
“Google shouldn’t engulf itself in the international political war as a tool for political gaming,” [should there be] “any change in the international atmosphere, I am afraid Google will become a target to be sacrificed by politics, and also will be discarded by the market,” wrote People’s Daily editor Zhang Yixuan.
Google refused to comment on the paper’s editorial, but already passed its evidence of the phishing scam to the Federal Bureau of Investigation.
Meanwhile, security vendor Symantec spotted a fake donation campaign purporting to gather funds for Japanese earthquake victims.
A precedent phishing scam that surfaced during the height of the Japan 9.0 quake spoofed the Web sites of charitable organizations and banks and use those fake sites to lure users.
“This time, they spoofed the German page of a popular payment gateway site with a bogus site that asked for user login credentials,” Symantec said.