Analysis by: Michael Casayuran

Trend Micro researchers spotted spammed messages purporting to be a legitimate notification from Google. The message asks users to update their primary and backup payment information by logging in to their accounts through the phishing URL http://www.{BLOCKED}mn.com/Select/login provided in the spammed message and entering the updated payment information there.



The message also used the sender name Google Team to cloak the real senders, which are random email addresses, so as to avoid suspicion from the recipients. Note that legitimate Google alerts use Google Alert as the name of the sender and googlealerts-noreply@google.com as the sender's email address. Users are advised to be wary when opening emails and divulging user credentials, even if these come from known sources.
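The mismatch described above, a Google display name on a non-Google address, can be checked mechanically on the From header. The following is an added example, not Trend Micro's detection logic; the brand-to-domain allowlist and the three sample messages are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption for this example: brand keyword -> domains allowed to use it.
BRAND_DOMAINS = {"google": {"google.com"}}

# Constructed sample messages (not taken from the actual spam run).
SPOOFED = ("From: \"Google Team\" <k3x9q@mail.example.net>\n"
           "Subject: Update your payment information\n\nbody\n")
LEGIT = ("From: Google Alert <googlealerts-noreply@google.com>\n"
         "Subject: Google Alert\n\nbody\n")
LOOKALIKE = ("From: Google Team <billing@google.com.example.org>\n"
             "Subject: Update your payment information\n\nbody\n")

def sender_domain(address):
    """Return the lowercased domain of an address, or '' if there is none."""
    if "@" not in address:
        return ""
    return address.rpartition("@")[2].lower().rstrip(".")

def is_allowed(domain, allowed):
    """True if domain is an allowed domain or a subdomain of one."""
    return any(domain == d or domain.endswith("." + d) for d in allowed)

def check_from(raw_message):
    """Flag a message whose From display name claims a brand while the
    address lies outside that brand's domains. Returns (verdict, detail)."""
    msg = message_from_string(raw_message)
    name, address = parseaddr(msg.get("From", ""))
    domain = sender_domain(address)
    for brand, allowed in BRAND_DOMAINS.items():
        if brand in name.lower() and not is_allowed(domain, allowed):
            return ("suspicious",
                    f"display name {name!r}, sender domain {domain or 'missing'!r}")
    return ("ok", f"{name!r} <{address}>")

if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("legit", LEGIT),
                       ("lookalike", LOOKALIKE)):
        print(label, *check_from(raw))
```

A From address on the real domain is not proof of legitimacy, since the header itself can be forged; pair this check with SPF, DKIM and DMARC results.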

 SPAM BLOCKING DATE / TIME: October 03, 2011 GMT-8
 TMASE INFO
  • ENGINE:6.8
  • PATTERN:8424