Reports of phony Google Play emails being sent to Android developers are circulating around the web. We, at Phandroid, have also received one of these emails, which is little more than a phishing scam meant to steal developers’ console passwords. Ours says we have 7 days to respond to a Google Play Store violation (some devs are receiving 3-day emails) and comes from a “gooogle.com.de” address (with an extra “O”).
Once the link in the email is clicked, developers are taken to a site that looks very similar to the normal Developer Console. We have to admit, the wording in the email doesn’t feature the usual grammatical errors and is seemingly urgent enough that some developers might panic and miss the misspelled address. Needless to say, avoid clicking or signing into anything from that email, unless you’d like your developer account compromised.
UPDATE: Google issues official e-mail to developers warning them of this phishing attack.
We are aware that some Google Play developers have received policy warnings from a fake Google account. The subject lines of the fraudulent emails include variations of “3-Day Notification of Google Play Developer Term Violation.” If you received an email with this subject line, please mark it as phishing and proceed to delete it without clicking on any links contained within it. Find out more about recognizing phishing emails here: https://support.google.com/accounts/answer/75061. If you use Gmail, please report all phishing attempts by following these instructions: https://support.google.com/accounts/answer/75061. As a general reminder, you should only enter your Google account password on the official Google sign-in page: https://accounts.google.com/. Also note that the official URL for the Google Play Developer Console is https://play.google.com/apps/publish/. If you believe your account has been compromised, please follow these instructions: https://support.google.com/mail/answer/50270.
Thanks,
The Google Play Support Team
(c) 2015 Google Inc.
1600 Amphitheatre Parkway
Mountain View, CA 94043
You have received this mandatory email service announcement to update you about important information relating to your Google Play account.
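One way to apply the notice's advice mechanically, as an added example that is not part of the original article or of Google's e-mail: classify a link or sender address against the hosts the notice names, and flag brand lookalikes such as the “gooogle.com.de” sender. The homoglyph table, the function names and the sample inputs in the usage note are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Hosts named in Google's notice quoted above.
OFFICIAL_HOSTS = {"accounts.google.com", "play.google.com", "support.google.com"}
BRAND = "google"
# Assumed, non-exhaustive homoglyph table: capital I and digit 1 for "l", 0 for "o".
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "I": "l"})


def raw_host(value):
    """Host part of a URL or e-mail address, with letter case preserved."""
    netloc = urlsplit(value).netloc if "://" in value else value
    host = netloc.rsplit("@", 1)[-1]          # drop userinfo / mailbox name
    return host.split(":", 1)[0].rstrip(".")  # drop port and trailing dot


def skeleton(label):
    """Fold homoglyphs, lowercase, and collapse repeated characters."""
    folded = label.translate(HOMOGLYPHS).lower()
    return re.sub(r"(.)\1+", r"\1", folded)


def classify(value):
    """Return 'official', 'unlisted', 'lookalike' or 'unrelated'."""
    host = raw_host(value)
    lowered = host.lower()
    if lowered in OFFICIAL_HOSTS:
        return "official"
    if lowered == "google.com" or lowered.endswith(".google.com"):
        return "unlisted"  # under google.com, but not a host the notice names
    # Any label (or hyphen-separated part) that reduces to the brand's
    # skeleton imitates it: extra letters, swapped glyphs, or the real
    # name used as a subdomain of someone else's domain.
    for label in host.split("."):
        for part in label.split("-"):
            if skeleton(part) == skeleton(BRAND):
                return "lookalike"
    return "unrelated"
```

For instance, `classify("noreply@gooogle.com.de")` (mailbox name constructed) returns `"lookalike"`, while `classify("https://play.google.com/apps/publish/")` returns `"official"`.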
You would hope that developers of all people would see through that one. :p Still good to warn people.
The thing that I first noticed is that the email was sent to our support email rather than the account owner’s email.
The message skipped spam due to the fact that I had a filter set up for the support emails. Google still posts a warning but I am sure some people fall for this.
“gooogle.com”… LOL
Contrary to the joke, Google owns that domain and it still takes you to Google.com.
Have you been to Amazong.com before? They have amazing online deals that rival Amazon. =.P
That was the domain of the bogus email, so I doubt it would be under Google’s control – I do realize that the gooogle url will take you to the correct page. I’ve misspelled plenty of URLs – some with disastrous consequences! LOL
Actually, even Google’s own cache for that .de page sends you immediately to a compromised site. Strange that Google itself would have no safeguards from such an obvious, and likely malware-oriented, spoof of its own name. Nor does McAfee have any knowledge of it.
Edit: Turning on SiteAdvisor proper yields this report:
“http://www•gooogIe•de/
Caution. We tested this link and found it might send your personal information to people online who can use it to access your financial information, or steal your identity.” [I’ve crippled the url]
NASTY. Avoid
That’s pretty terrible :(
Gooooooooogle Play! (thank you Cookie Crisp)
Holy crap. I certainly wouldn’t want to install an app from a developer that falls for email scams! :-O
This is NOT as easy to spot as fraudulent as you think. We’ve received several of these identical e-mails in the past that WERE directly from Google and so the first thing I did when I got this one was message @stevealbright:disqus with a list of 4 letter words saying IT HAPPENED AGAIN. You’re in such a moment of familiar and escalated emotion that it’s rather easy to overlook the inconsistencies outing it as a scam. Hope nobody gets caught by it!
The bitchfest post I was preparing to make on G+ prior to realizing it was a scam… HA!
Meanwhile Steve Albright receives 20 panic curse text messages on all social platforms.
I spotted the ‘Gooogle’ in seconds. That doesn’t mean the address itself wouldn’t take you necessarily to Google, it’s just something Google would not do.
Edit: the address did indeed take me to a compromised site, even with my electing to choose Google’s cache-page, instead of the live grenade. Whereupon I force-quit immediately. These creeps are not amateurs.
The fact that the email address has dashes and ends in .de is all you needed….
Then you see the typo… oy vey, people