There is a new phishing scam targeting Gmail users that has fooled even tech experts into giving up their Google credentials. The phishing email usually comes from the account of someone in the recipient’s address book; that account has itself been compromised and is being used to send the phishing email.
The email includes what appears to be an image of an attachment, and when you click on it expecting a preview, you are instead taken to a new tab that prompts you to sign in to your Gmail account again. If you are careful enough to glance at the address bar, you will notice the text ‘data:text/html,’ preceding what looks like the normal Gmail login URL. Most people who give the address bar only a quick look and take it for the genuine login get caught in the phishing net. Unlike many other malicious links, this one also opens without any browser warning.
The new phishing technique was first noticed by Mark Maunder, CEO of Wordfence, which makes security software for WordPress. “The attackers log in to your account immediately once they get the credentials, and they use one of your actual attachments, along with one of your actual subject lines, and send it to people in your contact list,” Maunder explains.
Since people do not expect phishing email from friends or co-workers, they fall into the trap easily. According to Maunder, the attackers sign in to a victim’s account the moment the password is entered on the fake login page. They then have complete access to the user’s emails and can collect personal information for secondary attacks.
Once they control your email address, the attackers can compromise a wide variety of services you rely on by using it to reset the login details for those services. The report suggests that while this kind of phishing attack is currently restricted to Gmail, it could potentially be used on many other platforms.
To make sure you do not fall victim to this, read the address bar carefully before signing in to your account. Every sign-in page should begin with https://. There is no sure way to know whether your account has already been compromised, but if you have any doubt you should change your password immediately. Changing passwords every few months is also a good general practice, and keeping two-factor authentication turned on is recommended.
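The address-bar check described above, written out as a small classifier (an added example, not code from the article or from Wordfence): it reads the real scheme first, treats a `data:` URI as inline page content regardless of the login URL text inside it, and only accepts `https://` on an expected sign-in host. The host allowlist and the sample address-bar strings are constructed for the example.

```python
from urllib.parse import urlparse

# Allowlist of hosts a Gmail sign-in page is expected to load from.
# Assumed for this example; a real deployment maintains its own list.
EXPECTED_LOGIN_HOSTS = {"accounts.google.com", "mail.google.com"}


def classify_address_bar(address: str) -> dict:
    """Apply the article's advice mechanically: read the *real* scheme and host
    first, and treat a data: URI as rendered page content, no matter what URL
    text appears inside it."""
    address = address.strip()
    parsed = urlparse(address)
    scheme = parsed.scheme.lower()
    host = parsed.hostname  # None for data: URIs, which have no authority part
    verdict = {"scheme": scheme, "real_host": host, "suspicious": False, "reason": ""}

    if scheme == "https" and host in EXPECTED_LOGIN_HOSTS:
        return verdict  # what a genuine sign-in page looks like

    if scheme == "data":
        # data:<mediatype>[;base64],<payload>  -- the payload IS the page shown
        _, _, payload = address.partition(",")
        lookalikes = sorted(h for h in EXPECTED_LOGIN_HOSTS if h in payload)
        verdict.update(
            suspicious=True,
            reason="data: URI renders inline HTML; the login URL is only text "
                   f"inside the payload (lookalike hosts found: {lookalikes})",
        )
        return verdict

    if scheme != "https":
        verdict.update(suspicious=True,
                       reason=f"sign-in page uses {scheme or 'no'} scheme, not https")
        return verdict

    verdict.update(suspicious=True,
                   reason=f"https, but host {host!r} is not an expected login host")
    return verdict


if __name__ == "__main__":
    # Constructed sample address-bar strings, not captured from a real message.
    samples = [
        "https://accounts.google.com/ServiceLogin?service=mail",
        "data:text/html,https://accounts.google.com/ServiceLogin?service=mail",
        "https://accounts.google.com.example.net/ServiceLogin",
        "http://accounts.google.com/ServiceLogin",
    ]
    for s in samples:
        v = classify_address_bar(s)
        print("SUSPICIOUS" if v["suspicious"] else "ok        ", s, "|", v["reason"])
```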