Gmail users are the unfortunate targets of a new phishing attack that is reportedly very well developed and quite difficult to detect.
The internet sports an ever-growing community. User numbers increase every second. However, not all users have good intentions. As such, internet users can fall victim to ransomware, malware or phishing. And Gmail users are the latest victims of the last of these.
Phishing, just like its inspiration, fishing, is based on bait. The action has a specific target: it tries to obtain information, usually of a sensitive nature. Usernames and their passwords are the usual targets, as are credit card details.
Phishing is usually carried out by assuming a trustworthy identity. It's most commonly carried out on instant messaging services or by email spoofing. Phishing emails may sometimes even link to malware.
The latest Gmail attack is quite well thought out. In most cases, phishing can be detected quite easily. Users can spot mistakes that are common in scam messages but unusual in genuine communication. These are most commonly grammar, spelling, or even logo errors.
But the current attack is very carefully developed. The phishing is carried out using the user’s own contact list. Gmail users can receive an email from someone in their list. In most cases, these contacts have already been hacked as well.
But the scheme goes further. Before sending the message, the scammer scans the communication between the user and the contact. By going through their messages, the scammer finds a familiar topic.
As such, the received email doesn’t even raise your guard. The combination of a known contact and an already discussed subject is very effective.
But the scam can be detected. These phishing emails contain an attachment. It usually appears to be a PDF file. Upon clicking on the image, the user will be redirected. A new tab will open to the Gmail sign-in screen.
Gmail users will be asked to log in again. The link itself is quite well made. It even contains accounts.google.com/ServiceLogin. Most scammers do not go this far.
But the address as a whole is wrong. Gmail users should inspect it very carefully and look for an additional detail. More exactly, they should check whether it begins with data:text/html, and if it does, they should not log in.
If the location bar looks as follows, do not proceed. The data:text/html,https://accounts.google.com/ServiceLogin?service-mail is not to be trusted. It has been demonstrated to be a scam.
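The check described above, written out as an added example (it is not code from the original article or from Google). It goes beyond the data:text/html, prefix and also rejects addresses that are not https on the expected host; the expected host constant and all sample addresses except the first are assumptions constructed for illustration.

```javascript
// Added example, not from the original article.
// Assumption: the genuine Google sign-in page is served over https from this host.
const EXPECTED_HOST = "accounts.google.com";

// Classify the address shown in the location bar of a sign-in tab.
function classifySignInUrl(raw) {
  let url;
  try {
    // The URL parser lowercases the scheme; trim() drops surrounding whitespace.
    url = new URL(String(raw).trim());
  } catch (err) {
    return { verdict: "unparseable", reason: "not an absolute URL" };
  }
  // A data: URI carries the page inside the address itself, so whatever
  // follows "data:text/html," is content, not the site being visited.
  if (url.protocol === "data:") {
    return { verdict: "do-not-log-in", reason: "address is a data: URI" };
  }
  if (url.protocol !== "https:") {
    return { verdict: "do-not-log-in", reason: "scheme is " + url.protocol };
  }
  // Compare the whole hostname; a substring match would accept look-alikes.
  if (url.hostname !== EXPECTED_HOST) {
    return { verdict: "do-not-log-in", reason: "host is " + url.hostname };
  }
  return { verdict: "ok", reason: "https on " + EXPECTED_HOST };
}

// Constructed sample addresses; the first is the one quoted in the article.
const samples = [
  "data:text/html,https://accounts.google.com/ServiceLogin?service-mail",
  "  DATA:text/html,https://accounts.google.com/ServiceLogin",
  "https://accounts.google.com/ServiceLogin",
  "https://accounts.google.com.example.test/ServiceLogin",
  "accounts.google.com/ServiceLogin",
];

for (const s of samples) {
  const { verdict, reason } = classifySignInUrl(s);
  console.log(verdict.padEnd(14), reason.padEnd(40), s.trim());
}
```

The point of the example is that the familiar accounts.google.com text can appear anywhere in the string; only the scheme and the full hostname at the start of the address say where the page really comes from.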
Apart from this detail, the method is very well developed. The scammers have even created a fake sign-in screen. This greatly resembles the official Google page.
Gmail users are safe from the attack if they do not sign in. If they do, the scammer will most likely have the login credentials. These can be used to infect other users, as just one potential consequence.
Users can detect the potential attack from one further fact: an already signed-in user is being asked to log in again. A re-login prompt is not unusual in itself, and it is in no way damaging. But it is usually used in relation to user privacy and security settings, not for downloading a file.
Gmail users, and netizens in general, can follow basic phishing protection practices. For example, do not click on content from unknown, suspicious sources. If you receive emails from unknown contacts, watch out for typos. Or do an online search.
If it’s a scam, people are probably already pointing it out. Multi-level authentication and strong security software should also be considered.