Go Back   English Forum Switzerland > Living in Switzerland > Business & entrepreneur
Reply
 
Thread Tools Display Modes
  #1  
Old 27.06.2015, 09:33
Junior Member
 
Join Date: Jun 2011
Location: Zug
Posts: 33
Groaned at 0 Times in 0 Posts
Thanked 7 Times in 5 Posts
fraj1 has become a little unpopularfraj1 has become a little unpopular
phishing attack warning from Google and API

Hello,
I just received an email from Google stating I might be under phishing attack... I am worried because few days ago I had to provide my web developer who is creating a ecommerce site for me an API PayPal password, username and signature in order to integrate the shopping cart in. Does anybody know if this is the reason why I recieved the email from Google.

I spoke to PayPal before giving out the API information and they informed me it was safe to provide to my developer.

Please help

Last edited by fraj1; 27.06.2015 at 09:56.
Reply With Quote
  #2  
Old 27.06.2015, 10:42
me.anon's Avatar
Forum Veteran
 
Join Date: Jan 2012
Location: thun
Posts: 1,454
Groaned at 22 Times in 16 Posts
Thanked 1,767 Times in 870 Posts
me.anon has a reputation beyond reputeme.anon has a reputation beyond reputeme.anon has a reputation beyond reputeme.anon has a reputation beyond reputeme.anon has a reputation beyond repute
Re: phishing attack warning from Google and API

Can you anonymise the mail claiming to come from Google and post it here ?
Have you used the same password for your Paypal API that you use for other services (eg Gmail) that might now be accessible to your "Web Developer" ?
Reply With Quote
This user would like to thank me.anon for this useful post:
  #3  
Old 27.06.2015, 11:09
Junior Member
 
Join Date: Jun 2011
Location: Zug
Posts: 33
Groaned at 0 Times in 0 Posts
Thanked 7 Times in 5 Posts
fraj1 has become a little unpopularfraj1 has become a little unpopular
Re: phishing attack warning from Google and API

Dear site owner or webmaster of .........com,
We recently discovered that some pages on your site look like a possible phishing attack, in which users are encouraged to give up sensitive information such as login credentials or banking information. We have removed the suspicious URLs from Google.com search results and have begun showing a warning page to users who visit these URLs in certain browsers that receive anti-phishing data from Google.

Below are one or more example URLs on your site which may be part of a phishing attack:

http://www. .com/~marta/mano/2309492d735f94efd429230a6ea03173/

Here is a link to a sample warning page:
http://www.google.com/interstitial?u...9230a6ea03173/
We strongly encourage you to investigate this immediately to protect users who are being directed to a suspected phishing attack being hosted on your web site. Although some sites intentionally host such attacks, in many cases the webmaster is unaware because:

1) the site was compromised
2) the site doesn't monitor for malicious user-contributed content
If your site was compromised, it's important to not only remove the content involved in the phishing attack, but to also identify and fix the vulnerability that enabled such content to be placed on your site. We suggest contacting your hosting provider if you are unsure of how to proceed.

Once you've secured your site, and removed the content involved in the suspected phishing attack, or if you believe we have made an error and this is not actually a phishing attack, you can request that the warning be removed by visiting
http://www.google.com/safebrowsing/r...r/?tpl=emailer
and reporting an "incorrect forgery alert." We will review this request and take the appropriate actions.

Sincerely,
Google Search Quality Team

Note: if you have an account in Google's Webmaster Tools, you can verify the authenticity of this message by logging into https://www.google.com/webmasters/tools/siteoverview and going to the Message Center, where a warning will appear shortly.
Reply With Quote
  #4  
Old 27.06.2015, 11:12
Junior Member
 
Join Date: Jun 2011
Location: Zug
Posts: 33
Groaned at 0 Times in 0 Posts
Thanked 7 Times in 5 Posts
fraj1 has become a little unpopularfraj1 has become a little unpopular
Re: phishing attack warning from Google and API

I have used different passwords for PayPal and Gmail. This is the email Google sent me..
Reply With Quote
  #5  
Old 27.06.2015, 11:18
me.anon's Avatar
Forum Veteran
 
Join Date: Jan 2012
Location: thun
Posts: 1,454
Groaned at 22 Times in 16 Posts
Thanked 1,767 Times in 870 Posts
me.anon has a reputation beyond reputeme.anon has a reputation beyond reputeme.anon has a reputation beyond reputeme.anon has a reputation beyond reputeme.anon has a reputation beyond repute
Re: phishing attack warning from Google and API

So, it may be your "Web Developer" is misusing the site, that he is creating for you, to conduct phishing attacks. You've obscured the suspicious link in your site, so it is not possible to say for certain.
Edit:
I found it anyway. Your site contains a bogus Paypal Login Screen, with odd spelling etc.
Attached Thumbnails
phishing-attack-warning-google-api-boguspaypal.jpg  

Last edited by me.anon; 27.06.2015 at 11:41. Reason: added picture
Reply With Quote
The following 5 users would like to thank me.anon for this useful post:
  #6  
Old 27.06.2015, 18:47
Junior Member
 
Join Date: Jun 2011
Location: Zug
Posts: 33
Groaned at 0 Times in 0 Posts
Thanked 7 Times in 5 Posts
fraj1 has become a little unpopularfraj1 has become a little unpopular
Re: phishing attack warning from Google and API

Thank you so much for your help. Who should I contact to find out more, Google?
Reply With Quote
  #7  
Old 27.06.2015, 22:18
Forum Veteran
 
Join Date: Sep 2012
Location: ZH
Posts: 717
Groaned at 5 Times in 5 Posts
Thanked 648 Times in 338 Posts
daffy99 has an excellent reputationdaffy99 has an excellent reputationdaffy99 has an excellent reputationdaffy99 has an excellent reputation
Re: phishing attack warning from Google and API

Quote:
View Post
Thank you so much for your help. Who should I contact to find out more, Google?
Google will not respond. This is totally and completely Your Own Problem to fix.

options:
* analyze and fix yourself
* have the person you outsourced to do same
* hire third party to do same and review what your current partner has done

Good luck
Reply With Quote
The following 2 users would like to thank daffy99 for this useful post:
  #8  
Old 27.06.2015, 22:23
Forum Legend
 
Join Date: Oct 2014
Location: Ostschweiz
Posts: 3,057
Groaned at 99 Times in 79 Posts
Thanked 3,799 Times in 1,962 Posts
Urs Max has a reputation beyond reputeUrs Max has a reputation beyond reputeUrs Max has a reputation beyond reputeUrs Max has a reputation beyond reputeUrs Max has a reputation beyond reputeUrs Max has a reputation beyond repute
Re: phishing attack warning from Google and API

The first thing should be to stop the whole thing in order to avoid causing damage. Your site appears to be hosted by hostgator.com, ask them to take the domain offline. That'll give you time to fix things properly.

Note:
The hoster can be compared to a landlord, who you rent the space for your digital store or website from. By asking him to take your website offline it's like asking your landlord to stop access to a real shop for the time being.

After that: see daffy99 above.
Reply With Quote
This user would like to thank Urs Max for this useful post:
  #9  
Old 27.06.2015, 22:25
me.anon's Avatar
Forum Veteran
 
Join Date: Jan 2012
Location: thun
Posts: 1,454
Groaned at 22 Times in 16 Posts
Thanked 1,767 Times in 870 Posts
me.anon has a reputation beyond reputeme.anon has a reputation beyond reputeme.anon has a reputation beyond reputeme.anon has a reputation beyond reputeme.anon has a reputation beyond repute
Re: phishing attack warning from Google and API

Google's role here, as far as I can see, has been limited to discovering the falsified Paypal login screen on your web site and reporting it to you as the registered web site owner (whois lookup).
I guess you did this:
(a) chose a nice domain name and registered it.
(b) found a web hosting provider for your site (the one with the alligator logo)
(c) somehow found a "web developer" to build a site, integrate a shopping cart and Paypal etc. and handed him over all the credentials for administering the site.

It would appear that this "web site developer" has misused the credentials you entrusted to him to create a bogus Paypal loging screen for phishing passwords etc.

You should change the passwords that you have given that "web site developer" and either (a) delete what he has created on your site or (b) explain what has happened to your internet service provider and let them clean up the whole mess.
__________________
If you have difficulties with a post which contains a link to a site in one of the Swiss languages, use Google Translate or your own favourite translating browser.
Reply With Quote
This user would like to thank me.anon for this useful post:
  #10  
Old 28.06.2015, 02:33
Junior Member
 
Join Date: Apr 2008
Location: SC,USA
Posts: 35
Groaned at 0 Times in 0 Posts
Thanked 27 Times in 17 Posts
Bacho has no particular reputation at present
Re: phishing attack warning from Google and API

Quote:
View Post
It would appear that this "web site developer" has misused the credentials you entrusted to him to create a bogus Paypal loging screen for phishing passwords etc.
Alternatively, the web site developer did a sloppy job and left some part of the site unsecured, or failed to apply the latest security patches. The Internets, being what they are, are always scanning and found the security failure quickly. Then some bad operator somewhere uploaded his phishing pages to your site.
Reply With Quote
This user would like to thank Bacho for this useful post:
  #11  
Old 28.06.2015, 09:32
Senior Member
 
Join Date: Aug 2010
Location: Zürich
Posts: 349
Groaned at 4 Times in 3 Posts
Thanked 258 Times in 155 Posts
ThomasSSS has earned the respect of manyThomasSSS has earned the respect of manyThomasSSS has earned the respect of many
Re: phishing attack warning from Google and API

Yes, it is very common for a hacker to break into a site just to add a phishing form. It is also very common for the site owner to be unaware that this happened. So Google sends these emails to improve the state of internet security and make things harder for phishers.

Most likely, your web developer is rubbish at computer security, but not actively complicit. There is a slight chance that he is good but unlucky, and also a slight chance that he is complicit. Alternatively, the problem could lie with the hosting provider, depending on exactly how the provider and the developer are dividing up the work.

Personally, I think that securing a website is such an important part of building one, that a development team with rubbish security competence should be seen as just rubbish. However, low security awareness is rather common, and it is hard to say how best to fix the situation. Also, good security costs, and since a lot of site owners don't think of it or even know anything about it, a lot of developers don't spend time on it.

Last edited by ThomasSSS; 28.06.2015 at 10:19.
Reply With Quote
This user would like to thank ThomasSSS for this useful post:
  #12  
Old 28.06.2015, 09:43
NotAllThere's Avatar
Forum Legend
 
Join Date: Oct 2008
Location: Baselland
Posts: 8,988
Groaned at 140 Times in 122 Posts
Thanked 12,275 Times in 5,017 Posts
NotAllThere has a reputation beyond reputeNotAllThere has a reputation beyond reputeNotAllThere has a reputation beyond reputeNotAllThere has a reputation beyond reputeNotAllThere has a reputation beyond reputeNotAllThere has a reputation beyond repute
Re: phishing attack warning from Google and API

Maybe the developer was so utterly incompetent, he thinks that the page is actually a bonafide way of integrating paypal into a website.
Reply With Quote
Reply




Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
419 Scam of the Day [Email Scams, Phishing, etc.] Yokine General off-topic 144 17.04.2016 21:02
Phishing attack on PostFinance customers jrspet Finance/banking/taxation 3 07.09.2015 19:36
Phishing email from someone claiming to be apple ?? Canariesfan TV/internet/telephone 8 12.03.2015 14:14
Help with email an email from my friend PTruli Language corner 9 05.09.2013 16:53
Phishing Alert - Fake IRS Email DuePonte Finance/banking/taxation 7 16.01.2013 11:34


All times are GMT +2. The time now is 05:06.


Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2016, Jelsoft Enterprises Ltd.
LinkBacks Enabled by vBSEO 3.1.0