A Gmail phishing scam is targeting and fooling even the most tech-savvy email users. According to the Wordfence, a security plugin WordPress developer, "there is a highly effective phishing technique stealing login credentials that is having a wide impact, even on experienced technical users."
How Tech-Savvy Users Were Fooled By Gmail Phishing
Our earlier report lays out the details on how the Gmail phishing works. The hacker sends an email to your Gmail account using a familiar address, which unbeknownst to you has already been compromised using the same technique. The email comes with a subject line and a thumbnail image of an attachment that the victim has previously sent. Once you click on what you thought was an attachment, you won't be given a preview. Instead, a new tab opens up and you will be prompted to sign in to Google again.
Here's where things can get tricky. The sign-in page looks eerily identical to the normal Gmail login page, and if you glance at the address bar you will see the words 'accounts.google.com,' which may prompt you to think that the page is legit. The only indication that something is not right are the words 'data:/text/html' in the address bar before the words 'accounts.google.com.' If you're not paying close attention, you may assume that the URL is safe.
Once you input your Gmail username and password, this information goes straight to the attacker, who logs in to your Gmail account right away and collects your contacts' email addresses. These contacts will then become the new targets.
Aside from your contacts list, the attacker will also have full access to the emails you have sent and received, which can then be used to defraud others. The hacker can also use your Gmail account to gain access to SaaS services linked to your email, simply by using the password reset mechanism.
How You Can Protect Your Gmail Account From Phishing Scam
Satnam Narang, Senior Security Response Manager at Norton by Symantec, provided some tips on how to protect Gmail users from this cyber attack. "The best way to identify this attack is to look at the address bar. In this case, look for the words 'data:/text/html' at the beginning of the URL," says Narang. "If you see this, close the browser tab and alert your friend that their account has been compromised."
Narang also suggested using Google's two-step verification in Gmail to improve your email's protection and security. Also look for the green lock icon and the "Secure" label next to the address bar when accessing your email.