Yes, Gmail, our very own Gmail! Even that has not been spared from the waves of phishing attacks. Gmail has always been immensely popular among email clients. Just as Google has replaced the word ‘search’, Gmail has become the metonym for emailing. Unfortunately, Gmail has now become the target of a recent phishing scam that is so convincing that many users fall for it. The scam tricks users into handing over their Google login details, allowing the attacker to sift through their messages.
People are calling it “The Gmail Phishing attack” (yes, it has a name now). It is said to be fooling even tech-savvy users. According to security experts, the scam has managed to convince even “experienced technical users”, and it is targeting other services in addition to Gmail. Researchers even claim that this is the largest known account breach to date.
Let’s see how the hackers are executing their phishing plans.
How it works
Once you log in to your account, you’ll see an email that appears to come from someone you know, whose account has already been compromised using this same technique. It may also include a rogue attachment that looks like something you previously sent to this contact, and it is likely to have a relevant subject line.
The moment you click on the image/attachment, expecting Gmail to show a preview of it, a new tab opens instead and prompts you to sign in to Gmail again.
Once you sign in, you have fallen into their trap. Victims are unlikely to notice the hack, because a glance at the location bar shows ‘accounts.google.com’ in there.
As soon as you proceed further, you’ll see a fully functional sign-in page that looks like this:
Once the attackers have your credentials, they gain access to your account, take one of your actual attachments along with one of your actual subject lines, and send it to people in your contact list.
Adding to the misery, the phishing pages do not seem to trigger any security warnings, which would normally alert users when they land on an unsafe page or content.
What you need to know!
There is one simple tip that can always save you from phishing attacks: always check the address/location bar of the website before filling in your credentials.
If you have actually fallen prey to this attack, then you did exactly that: you saw ‘accounts.google.com’ in the location bar and went ahead and signed in.
However, to protect yourself against this, you need to change what you check in the location bar.
On the far right of the location bar, you can see the beginning of what is a very large chunk of text. This is actually a file that opens in a new tab and creates a completely functional fake Gmail login page, which sends your credentials to the attacker.
The most obvious giveaway is that the legitimate Gmail sign-in page’s URL begins with a lock symbol and ‘https://’ highlighted in green, not ‘data:text/html,https://’. If you can’t verify both the protocol and the hostname, stop and consider what you just clicked on to get to that sign-in page.
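The location-bar check described above, as an added example that is not part of the original post: a small Python classifier that distinguishes a genuine https://accounts.google.com address from a data:text/html address that merely contains that hostname in its body. The sample addresses are constructed for illustration, and the single trusted hostname is an assumption.

```python
"""
Classify the text shown in a browser location bar so that the
'data:text/html,https://accounts.google.com...' lookalike is flagged
instead of being mistaken for the real sign-in page.
"""
from urllib.parse import urlparse

# Assumption: only this hostname is accepted as the real sign-in page.
TRUSTED_HOSTS = {"accounts.google.com"}


def classify_location(location: str) -> str:
    """Return 'trusted', 'data-uri-lookalike' or 'untrusted'."""
    text = location.strip()
    parsed = urlparse(text)
    scheme = parsed.scheme.lower()

    # A data: address carries the whole page inside the URL itself. If that
    # embedded page mentions a trusted host, it is exactly the lookalike trick:
    # the hostname is display text, not the origin the browser connected to.
    if scheme == "data":
        for host in TRUSTED_HOSTS:
            if host in text.lower():
                return "data-uri-lookalike"
        return "untrusted"

    # Both checks the post asks for: the protocol must be https AND the parsed
    # hostname (not just any substring of the URL) must be a trusted host.
    if scheme == "https" and parsed.hostname in TRUSTED_HOSTS:
        return "trusted"
    return "untrusted"


# Constructed samples: the lookalike keeps only the visible prefix, padded
# with spaces the way the real lure pushed its page body out of view.
SAMPLE_LOCATIONS = {
    "real": "https://accounts.google.com/ServiceLogin?service=mail",
    "lookalike": "data:text/html,https://accounts.google.com/ServiceLogin"
                 + " " * 40 + "<script>/* page body lives here */</script>",
    "plain_http": "http://accounts.google.com/ServiceLogin",
    "subdomain_trick": "https://accounts.google.com.example.net/ServiceLogin",
}


def audit_samples() -> dict:
    """Classify every constructed sample and return name -> verdict."""
    return {name: classify_location(loc) for name, loc in SAMPLE_LOCATIONS.items()}


if __name__ == "__main__":
    for name, verdict in audit_samples().items():
        print(f"{name:16} -> {verdict}")
```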
Spread the word
Create as much awareness as you can among your family and friends to prevent this from having a wider impact. Never open suspicious hyperlinks or attachments in emails, even if they appear to come from a friend or coworker; use extreme caution!
Don’t fall for this one—Stay safe!