Phishing scam targets Gmail users

If you're a Gmail user, you may want to pay attention.

A new phishing scam is targeting Gmail users, fooling many users into giving up their login credentials.

The message comes from the email account of someone the recipient knows, whose account has already been compromised. The email contains image attachments disguised as PDF files.

Once the attachment is clicked on, a new tab opens and asks the user to log into Gmail again.

The tab's location bar shows accounts.google.com, which fools users into thinking the page is safe, so they log in.

What the attachment actually opens is a "data:text/html" address: the code of the fake login page is packed into the browser's address bar itself, and the familiar Google host name that appears there is only text inside that address, not the site the browser is connected to.

The scam was detailed on WordFence.com, a well-known tech security blog.

“The attackers log in to your account immediately once they get the credentials, and they use one of your actual attachments, along with one of your actual subject lines, and send it to people in your contact list. For example, they went into one student’s account, pulled an attachment with an athletic team practice schedule, generated the screenshot, and then paired that with a subject line that was tangentially related, and emailed it to the other members of the athletic team.”

Once they have access to your account, the attackers may download your emails.

You can protect yourself by paying close attention to the address bar. Here's what Tech Times suggests:

The hackers use a phishing method based on a data URI (uniform resource identifier). The data URI is placed in the location bar in front of "https://accounts.google.com."

The prefix "data:text/html" is attached in front of the host name, and it is this data URI that opens the fake login page.

To protect the account and not fall for this trick, a user should make sure there is nothing in front of the host name. One should verify both the protocol and the host name.

Also, enabling the two-step authentication available for Gmail can stop the attack, as the hacker would need the OTP (one-time password) required to complete the login.
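The check Tech Times describes, verifying the protocol and the host rather than just spotting "accounts.google.com" somewhere in the bar, can be written down precisely. The following is an added example, not code from the article, Wordfence or Tech Times; the sample address-bar strings are constructed, and the decoy deliberately omits any real fake-form content.

```javascript
// Added example (not from the article): classify address-bar text the way the
// article recommends, by checking scheme and host instead of looking for
// "accounts.google.com" anywhere in the string. Uses the WHATWG URL parser
// built into Node.js and browsers.
const EXPECTED_HOST = "accounts.google.com";

function classifyAddressBar(text) {
  let url;
  try {
    url = new URL(text.trim());
  } catch (e) {
    return { verdict: "unparseable", protocol: null, host: null };
  }
  const { protocol, host } = url;
  // A data: URI renders inline content; there is no server and no host, so
  // any host-like text after "data:text/html," is just part of the payload.
  if (protocol === "data:") return { verdict: "phishing-indicator", protocol, host };
  // Anything other than HTTPS to the expected host is not the real login page.
  if (protocol !== "https:" || host !== EXPECTED_HOST) {
    return { verdict: "suspicious", protocol, host };
  }
  return { verdict: "ok", protocol, host };
}

// The check a hurried user effectively performs: "does the bar mention
// accounts.google.com?" Included only to show why it is fooled.
function naiveLooksLikeGoogle(text) {
  return text.includes(EXPECTED_HOST);
}
// Constructed samples, not captured from the real campaign. The decoy follows
// the pattern described above: "data:text/html," then genuine-looking URL
// text, padding, and a page body (the fake form itself is omitted).
const SAMPLES = {
  genuine: "https://accounts.google.com/ServiceLogin?service=mail",
  decoy: "data:text/html,https://accounts.google.com/ServiceLogin" +
    " ".repeat(60) + "<html><body>[fake login form omitted]</body></html>",
  lookalike: "https://accounts.google.com.example-not-google.test/login",
};

// Per sample: the strict verdict beside the naive substring result.
function runSamples() {
  const out = {};
  for (const [name, text] of Object.entries(SAMPLES)) {
    out[name] = { strict: classifyAddressBar(text).verdict,
                  naive: naiveLooksLikeGoogle(text) };
  }
  return out;
}
console.log(runSamples());
```

Running it shows the naive substring check accepting all three samples while the scheme-and-host check flags the decoy and the lookalike.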

If you think you've been compromised, change your password immediately. 

Google released a statement on the scam:

“We advise people to be careful anytime you receive a message from a site asking for personal information. If you get this type of message, don’t provide the information requested without confirming that the site is legitimate. If possible, open the site in another window instead of clicking the link in your email. You can report suspicious messages directly to us. Google will never send unsolicited messages asking for your password or other personal information.”


About the Author:

Ken Haddad has proudly been with WDIV/ClickOnDetroit since 2013. He also authors the Morning Report Newsletter and various other newsletters, and helps lead the WDIV Insider team. He's a big sports fan and is constantly sipping Lions Kool-Aid.
