Gmail Hack: New phishing scam is so convincing, it fooled tech experts

Tech-savvy Gmail users are falling victim to hackers who steal their login credentials, according to a security expert, who notes that increasingly sophisticated phishing techniques are being employed. The scam is being described as one of the most convincing yet, and tricks users into giving their Google login details, allowing the attacker to sift through their messages. The attacker can even copy their style of writing, convincingly passing the fake email on to the victim’s contacts.

HOW IT WORKS

The hacker will first send you an email, which includes an attachment, according to Mark Maunder, the CEO of the WordPress security plugin Wordfence. When you click on the attachment to preview it, a new tab opens to what looks like a Gmail login page. However, it isn’t genuine. If you enter your email and password, the hackers will have stolen your credentials and have full access to all of your emails.

The fake email uses image attachments that look like a PDF file.

When you click on the attachment, you are directed to phishing pages, disguised as the Google sign-in page.

If you enter your details, your Gmail account becomes compromised, allowing the attacker to sift through your sent messages folder and pass on the scam.

Even more worryingly, the phishing pages do not seem to trigger Google’s HTTPS security warnings, which normally warn users if they land on an unsafe page.

Why would I open an email from a random person in the first place?

The email’s subject line and attachment may look familiar: the attacker may reuse a subject line your contact has used before and rename the attachment to something plausible. Once the hackers gain access to your emails, they will look for further targets to send the phishing emails to.

How do I stay safe?

To avoid being a victim of the scam, Mr Maunder recommends enabling two-factor authentication and keeping a lookout for the prefix ‘data:text/html’ in the browser location bar – a sign of a fake web page.

He said: ‘Make sure there is nothing before the host name ‘accounts.google.com’ other than ‘https://’ and the lock symbol.

‘You should also take special note of the green colour and lock symbol that appears on the left. If you can’t verify the protocol and verify the hostname, stop and consider what you just clicked on to get to that sign-in page.’
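The location-bar check Maunder describes, written out as an added example (not code from the original article or from Wordfence). It uses the standard WHATWG URL parser available in browsers and Node.js; the sample location strings are constructed for illustration, and the `.evil.example` hosts are placeholders.

```javascript
// Expected host for a genuine Google sign-in page (from Maunder's advice).
const GOOGLE_SIGNIN_HOST = "accounts.google.com";

// Classify the text shown in the browser location bar before any credentials
// are typed. Returns { safe, reason } so the reason can be shown to a user.
function checkSignInLocation(locationBarText) {
  const text = locationBarText.trim();

  // The phishing page is delivered as a data: URI whose visible text starts
  // with "https://accounts.google.com/..." so a quick glance sees the familiar
  // host. The scheme prefix "data:" is the giveaway: the page is inline HTML,
  // not anything served by Google.
  if (/^data:/i.test(text)) {
    return { safe: false, reason: "data: URI in location bar, page is inline HTML" };
  }

  let url;
  try {
    url = new URL(text);
  } catch (err) {
    return { safe: false, reason: "location bar does not contain a parseable URL" };
  }

  if (url.protocol !== "https:") {
    return { safe: false, reason: `protocol is ${url.protocol}, expected https:` };
  }

  // Compare the parsed hostname exactly, never a substring: both
  // "accounts.google.com.evil.example" and "accounts.google.com@evil.example"
  // contain the expected host as text but resolve elsewhere.
  if (url.hostname.toLowerCase() !== GOOGLE_SIGNIN_HOST) {
    return { safe: false, reason: `host is ${url.hostname}, expected ${GOOGLE_SIGNIN_HOST}` };
  }

  return { safe: true, reason: "https scheme and exact Google sign-in host" };
}

// Constructed sample location-bar strings (placeholders, not real indicators).
const SAMPLE_LOCATIONS = [
  "https://accounts.google.com/ServiceLogin?service=mail",
  "data:text/html,https://accounts.google.com/ServiceLogin?service=mail         <script>",
  "http://accounts.google.com/ServiceLogin",
  "https://accounts.google.com.evil.example/ServiceLogin",
  "https://accounts.google.com@evil.example/ServiceLogin",
];

for (const loc of SAMPLE_LOCATIONS) {
  const { safe, reason } = checkSignInLocation(loc);
  console.log(`${safe ? "OK  " : "STOP"} ${loc.slice(0, 60)} -> ${reason}`);
}
```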

Google’s statement: “We advise people to be careful anytime you receive a message from a site asking for personal information. If you get this type of message, don’t provide the information requested without confirming that the site is legitimate. If possible, open the site in another window instead of clicking the link in your email. You can report suspicious messages directly to us. Google will never send unsolicited messages asking for your password or other personal information.”


Sources:
https://www.wordfence.com/blog/2017/01/gmail-phishing-data-uri/
https://inews.co.uk/essentials/news/technology/gmail-users-targeted-hackers-phishing-technique/