Scammers use Gmail invite as phishing hook

Fake e-mails sent to Gmail account holders attempt to garner addresses and passwords.

Scammers have caught on to the allure of Gmail and are using the Google e-mail service for a "phishing" scam to harvest e-mail addresses and passwords.

For the fashion-conscious techie, a Gmail account seems to be a must-have status symbol. The free service, which is not yet widely available, has even provoked people to try to sell their Gmail addresses on eBay.

Phishing schemes commonly involve e-mail requests for information that seem to be from trusted sources such as eBay or Citibank. In this case, the scammers send the phishing e-mail to existing holders of Gmail accounts, offering them the opportunity to invite three or six of their friends to join Gmail. The body of the e-mail reads "I found this e-mail very weird."

It continues to read: "The Gmail Team is proud to announce that we are offering Gmail free invitation packages to the existing Gmail account holders. By now you probably know the key ways in which Gmail differs from traditional webmail services. Searching instead of filing. A free gigabyte of storage. Messages displayed in context as conversations. Just fill in the form below to claim your free invitation package."

The "Gmail Team" asks users to give away their Gmail addresses and passwords to get the invites.

The e-mails are currently able to make their way through Gmail's spam filters, but the Gmail fraternity is fighting back by publicizing the con on message boards and in forums.

For those account holders genuinely given Gmail invites to hand out by Google, a click is all it takes to get a friend onboard. A message saying "You have 6 Gmail invitations. Invite a friend to join Gmail!" appears in the user's status bar, for example.

Why the scammers are after the usernames and passwords is, as yet, unclear. One possibility is to use the accounts to send spam. Another is the potential to search through the e-mail messages for any financial details left lying around in e-mails. With up to a gigabyte of storage per account, that's a lot of e-mail to trawl through.