Beware of the new Gmail phishing scam | What you need to know


A new, very complex Gmail phishing attack is on the rise, capturing the personal information of many unsuspecting individuals with ease. Here is everything you need to know about the hack.

Mark Maunder, the CEO of WordPress security plugin Wordfence, says the attacker will send an email to your Gmail account. That email may come from someone you know who has had their account hacked using this technique. It may also include something that looks like an image of an attachment you recognize from the sender.

  • If you click on the image, expecting Gmail to give you a preview of the attachment, a new tab will open up, prompting you to sign in to your Gmail account again. At first glance, the location looks like a service login page, but it is actually a phishing attempt.
  • A sign-in page for Gmail pops up. Once you complete sign-in, your account has been compromised. A commenter on Hacker News describes in clear terms what they experienced over the holiday break once they signed in to the fake page.
  • “The attackers log in to your account immediately once they get the credentials, and they use one of your actual attachments, along with one of your actual subject lines, and send it to people in your contact list.
    • For example, they went into one student’s account, pulled an attachment with an athletic team practice schedule, generated the screenshot, and then paired that with a subject line that was tangentially related, and emailed it to the other members of the athletic team.”

 

Maunder said the phishing technique uses something called a ‘data URI.’ If you widen out the location bar it looks like this:

On the far right of the location bar, you can see the beginning of what is a very large chunk of text. This is actually a file that opens in a new tab and creates a completely functional fake Gmail login page that sends your credentials to the attacker.
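One way to check for this from the defender's side, as an added example that is not from the original article or from Wordfence: the function below flags a location-bar string that uses the `data:` scheme and renders as HTML, starts its payload with a web address, or is unusually long. The function names, the 2048-character cutoff and the sample values are assumptions made for illustration.

```javascript
// Added example: inspect the text shown in the browser's location bar.
const MAX_BENIGN_LENGTH = 2048; // assumed cutoff for "a very large chunk of text"

// Decode the part after the comma so encoded payloads are checked too.
function decodePayload(header, payload) {
  try {
    if (/;base64$/i.test(header)) {
      return typeof atob === 'function'
        ? atob(payload)
        : Buffer.from(payload, 'base64').toString('latin1');
    }
    return decodeURIComponent(payload);
  } catch (err) {
    return payload; // malformed encoding: fall back to the raw text
  }
}

function inspectLocation(location) {
  const text = String(location).trim();
  const match = text.match(/^([a-z][a-z0-9+.-]*):/i);
  const result = { scheme: match ? match[1].toLowerCase() : null, suspicious: false, reasons: [] };
  if (result.scheme !== 'data') return result; // only data: locations are examined here

  // Layout: data:[<mediatype>][;base64],<payload>
  const comma = text.indexOf(',');
  const header = comma === -1 ? text.slice(5) : text.slice(5, comma);
  const payload = comma === -1 ? '' : decodePayload(header, text.slice(comma + 1));
  const mediaType = (header.split(';')[0] || 'text/plain').toLowerCase();

  if (mediaType === 'text/html') result.reasons.push('renders as an HTML page');
  // A web address at the start of the payload is what makes the bar resemble a real login location.
  if (/^\s*https?:\/\//i.test(payload)) result.reasons.push('payload starts with a web address');
  if (text.length > MAX_BENIGN_LENGTH) result.reasons.push('unusually long data URI');
  result.suspicious = result.reasons.length > 0;
  return result;
}

// Constructed samples, not captured from a real attack; the payload is inert filler.
const SAMPLES = {
  normal: 'https://mail.example.com/inbox',
  lookalike: 'data:text/html,https://accounts.example.com/ServiceLogin' + '<!-- filler -->'.repeat(200),
  smallImage: 'data:image/png;base64,iVBORw0KGgo=',
};

for (const [name, value] of Object.entries(SAMPLES)) {
  const { scheme, suspicious, reasons } = inspectLocation(value);
  console.log(name, scheme, suspicious ? 'SUSPICIOUS: ' + reasons.join('; ') : 'ok');
}
```

A genuine sign-in page is served over `https://` from the provider's own host, so any sign-in prompt whose location starts with `data:` should be treated as hostile.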

There is no way to tell if your Gmail has been hacked already or not. Just be careful!

View the full story from PC MAG
