New Gmail Phishing Scam Is Very Dangerous, Here’s How To Recognize It
There are more and more phishing scams every day, but the newest Gmail scam is pretty dangerous and hard to notice. The scam managed to fool many users and even some security experts. Like many other online scams, this one can gather private data, scour through your emails, and use your email address to send the phishing email to other users.
Mark Maunder, CEO of Wordfence – a WordPress security service – detailed the scam on the Wordfence blog. According to Maunder, “The way the attack works is that an attacker will send an email to your Gmail account. That email may come from someone you know who has had their account hacked using this technique. It may also include something that looks like an image of an attachment you recognize from the sender.” The email contains a couple of image attachments that are disguised as a PDF file.
The scam is so effective because it shows a regular-looking Gmail login page with “accounts.google.com” in the location bar, making users believe the login page is genuine. But there are some differences. For instance, the text “data:text/html” appears in front of the host name. If you receive an email that leads you to a login page with “data:text/html” in the address, do not provide your login credentials. Make sure that there is nothing in front of the host name, and verify that the protocol and the host name do not look like the ones in the picture below. The technique used is known as a data URI (data uniform resource identifier).
Image Source: wordfence.com
A person who faced the scam shared that “The attackers log in to your account immediately once they get the credentials, and they use one of your actual attachments, along with one of your actual subject lines, and send it to people in your contact list.”
Aside from verifying that there is no “data:text/html” in the address bar, you should enable Google’s two-step verification for Gmail, because the attackers would then need the One Time Password (OTP) to log in to your account.
Sophisticated Phishing: Beware the Latest Gmail Phishing Attack
Hackers have reportedly devised a new phishing method which seems to be tricking even the most experienced and tech-savvy users into revealing their account details.
The highly effective phishing campaign seems to be running on a sophisticated automation feature that pounces on newly compromised Gmail accounts to mount a secondary attack on users in the contact list.
Once hackers have taken over a Gmail account, they launch their secondary attack by sending out emails disguised with recently sent attachments and a relevant subject line. The email contains a thumbnail version of the attachment which, when clicked, opens up a convincing Gmail login box, a trap that tricks users into revealing their Gmail account password.
What makes this new technique effective is that the emails are received from someone the victim knows. Further, the attack doesn’t send potential victims to a dodgy website that could be blocked, and features an attachment instead which loads as a full web page.
The browser’s address is also padded with white space, so that victims only see the first part which is enough to convince them to let down their defenses.
Fortunately, there is a simple way for users to protect themselves against such attacks. Users can enable two-factor authentication on their Gmail accounts, which would require a secondary factor such as a smartphone when logging into the account.
Users are also advised to look out for a lock icon next to the address bar. However, this method is not foolproof, as many phishing pages are now hosted on SSL-secured servers and would feature the lock icon as well.
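The address checks described above (a “data:text/html” prefix in front of the host name, whitespace padding, and the protocol and host rather than the lock icon alone) can be combined into a small classifier for a link target or address-bar string. This is an added example, not code from Wordfence or the quoted articles; the function name, the padding threshold of 10 characters and the sample addresses are assumptions constructed for illustration.

```javascript
// Added example: classify an address before credentials are entered.
const EXPECTED_HOST = "accounts.google.com"; // host name given in the article
const PAD_RUN = 10; // assumed threshold for a suspicious run of whitespace

function checkLoginAddress(raw) {
  const findings = [];
  const addr = String(raw).trim();

  // Long runs of spaces (literal or %20) push the rest of the address out of view.
  const pad = new RegExp(`(\\s{${PAD_RUN},}|(%20){${PAD_RUN},})`, "i");
  if (pad.test(addr)) findings.push("whitespace-padding");

  // The scheme is whatever precedes the first colon.
  const m = /^([a-z][a-z0-9+.-]*):/i.exec(addr);
  const scheme = m ? m[1].toLowerCase() : "";

  if (scheme === "data") {
    findings.push("data-uri");
    // Here the host name is only text inside the data URI, not the real origin.
    if (addr.toLowerCase().includes(EXPECTED_HOST)) {
      findings.push("host-name-as-decoy-text");
    }
    return { safe: false, findings };
  }
  if (scheme !== "https") {
    findings.push("not-https");
    return { safe: false, findings };
  }

  // Compare the parsed host exactly; a prefix match would accept look-alikes.
  let host = "";
  try { host = new URL(addr).hostname; } catch { host = ""; }
  if (host !== EXPECTED_HOST) findings.push("unexpected-host");
  return { safe: findings.length === 0, findings };
}

// Constructed sample addresses (not captured from a real campaign).
const SAMPLES = [
  "https://accounts.google.com/ServiceLogin?service=mail",
  "data:text/html,https://accounts.google.com/ServiceLogin?service=mail" +
    " ".repeat(40) + "(constructed placeholder)",
  "https://accounts.google.com.example.test/ServiceLogin",
  "http://accounts.google.com/ServiceLogin",
];
for (const s of SAMPLES) {
  const r = checkLoginAddress(s);
  console.log(r.safe ? "OK  " : "FLAG", r.findings.join(",") || "-", "|", s.slice(0, 60));
}
```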
Thanks to MobiPicks and CIO-Today, and thanks for reading Dangerous Gmail Phishing