The emails, which claim to be sent from Gmail.com staff, tell recipients they are among a dozen winners picked to receive $500, according to security firm Sophos. To receive the payment, the individuals must click on a link, which directs them to a Tripod-hosted website that appears to be a legitimate Gmail page.
Once they arrive at the site, victims are told they must register for "Gmail games" by entering their e-gold, PayPal, StormPay or Moneybookers account information and paying an $8.60 membership fee.
"Of course, this email wasn't really sent by the folks at Gmail, and the $500 cash prize doesn't exist," said Graham Cluley, senior technology consultant for Sophos. "Anyone tempted to try and collect it is in danger of walking straight into a trap set by these fraudsters. People need to learn that there is no such thing as a free lunch, and to be much more wary of unsolicited email communications whoever they may appear to come from."
A Google spokeswoman, in a statement today, called the scheme "unfortunate" and said the search engine giant was able to quickly detect and block emails coming from the rogue IP addresses, limiting the attack to just "a small number of Gmail users."
"We have phishing detection capabilities built into Gmail, so we were able to act quickly to limit the impact of this attack," said spokeswoman Courtney Hohne. "We were notified of the attack last week and immediately blocked these emails, disabling links and providing a warning across the top of each message."
She added that Google users should be on the lookout for emails that request personal information or ones that refer them to websites asking for confidential data.
Gmail, known for its expanded storage capabilities and interface features, is still in beta but growing in popularity – so not surprisingly it has become a target for phishers. According to Sophos, 58 percent of people receive a phishing email each day.