Phishing scams are in the spotlight once more, and it doesn’t seem as
if they’re going away any time soon. Search engine giant Google
recently became aware of a security flaw in its Public Service Search
feature that left the service open to phishing scammers. Though Google
is not aware of any scams that have been perpetrated through the flaw,
it has disabled the service until the problem is fixed. Public Service
Search is a service that allows non-profit and university groups to
add a free Google search feature to their websites.
Google was first made aware of the security flaws “several weeks ago,”
when programmer and blogger Eric Farraro informed the company that he
had successfully used the service to create a website that resembled
the Google homepage with a Google.com address. Since the service allows
users to customize the header and footer of the search results page, it
could easily be used in a phishing attack to create a legitimate-looking
website and steal people’s information. Farraro notes on his
blog that seeing the Google name in a site URL would lead people to
trust the site, which means they might not hesitate to enter personal
information if the fake “Google” asked for it.
Phishing is a form of internet fraud that is used to obtain a user’s
personal information, including names, passwords, credit card and
social security numbers, user IDs, and bank account numbers, to name a
few. This information is ostensibly used in identity theft scams.
Phishing can be carried out in person, over the phone, through spam
e-mail or popup windows, or, as discussed here, through phony websites.
According to the Official Google Webmaster Central Blog, Google has
disabled Public Service Search while working to fix the issue. Google
Security Manager Cory Altheide states in the blog entry that the
disabled status of Public Service Search prevents users from creating
new accounts, making changes to existing accounts, and viewing their
search results in a customized format. Google plans to restore the
service to its normal state when the security issue is resolved.
If you are worried about being exploited by a phishing scam, the
Federal Trade Commission (FTC) recommends following some guidelines:
- If you get an email or pop-up message that asks for personal or
financial information, do not reply or follow any links in the message.
- Use anti-virus software and a firewall, and keep them up to date.
- Don’t email personal or financial information.
- Review credit card and bank account statements as soon as you receive them to check for unauthorized charges.
- Be cautious about opening any attachment or downloading any files from emails you receive, regardless of who sent them.
- Forward spam that is phishing for information to the FTC and to
the company, bank, or organization impersonated in the phishing email.
- If you believe you’ve been scammed, file your complaint at ftc.gov, and
then visit the FTC’s Identity Theft website at
www.consumer.gov/idtheft.