Lots of people are falling for this latest Gmail Phishing Scam
If you, like us, use Gmail as an email client instead of Windows Live Mail or Apple Mail (if you don't, you should; it's awesome!), then you'll know how great it is.
It's not without its flaws, however.
The security 'geeks' who head up a team of people looking into scams like this all the time have identified a "highly effective" phishing scam that has been tricking loyal Gmail users into handing over their login details. The scam, which seems to have been snowballing in popularity over the past few months and reportedly targets other email services as well, relies on a clever little trick that can be very hard to detect, even for seasoned pros.
Security researchers at WordFence, the team that makes the popular WordPress security tool, warned of the attack in a recent online post, noting that it seems to be having a wide impact, even on highly experienced, technical users.
Here’s how it works and how YOU can keep safe!
The ‘attacker’, usually cloaked as one of your contacts or a trusted business, sends a sneaky email to your inbox.
Attached to that email, there appears to be a regular old .PDF file. Nothing untoward about that, right? Especially if it's coming from someone you already know or a website you've ordered from in the past…
This attachment almost always turns out to be an embedded image disguised as a regular PDF, which, when clicked, takes you straight to a fake Google login page (see screenshot).
Thanks to Tom Scott for the image.
Everything about the sign-in page looks legitimate.
The logo, the username and password fields, the fonts, colours. Everything!
By all accounts, the page is an identical copy of the real deal, except for one HUGE giveaway… your web browser’s address bar.
Even then, it can be easy to miss.
The text still includes "https://accounts.google.com", a URL that seems legitimate.
The elephant in the room, however, is that the URL is preceded by the prefix "data:text/html".
In fact, what is sitting in the browser address bar is what's known as a "data URI", not a bog-standard URL.
Where a URL identifies a page's location on the World Wide Web, a data URI embeds the contents of a file directly in the address itself, so the browser renders that embedded content rather than fetching anything from Google's servers.
If you were to scroll further along the scam URL you'd notice there's a 'gap' after the familiar address, followed by some dodgy-looking code. Herein lies THE TRAP!
As soon as someone enters their username or password into the phoney fields, the attacker can grab the information. Once that happens they gain access not only to the user's inbox but also to a whole host of private information.
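The tell-tale difference between a real login page and this scam is the very start of the address bar, not the familiar-looking "https://accounts.google.com" text that appears later in it. The following is an added example (not code from the original post or from WordFence) that applies that same check to some constructed address-bar strings: a genuine login URL, a data URI of the shape described above, a look-alike host, and a plain HTTP address. The sample strings, the trusted host list and the function name are assumptions made for the example.

```python
from urllib.parse import urlsplit

# Constructed sample address-bar contents (not captured from a real attack).
REAL_LOGIN = "https://accounts.google.com/ServiceLogin?service=mail"
FAKE_LOGIN = (
    "data:text/html,https://accounts.google.com/ServiceLogin?service=mail"
    + " " * 60  # the 'gap' of whitespace that pushes the payload off-screen
    + "<html><body><form>[constructed fake login form]</form></body></html>"
)
LOOKALIKE = "https://accounts.google.com.example-login.test/ServiceLogin"

# Hosts where it is legitimate to type a Google password (assumed for the example).
TRUSTED_LOGIN_HOSTS = {"accounts.google.com"}


def classify_address(address: str) -> str:
    """Return a short verdict on whether credentials should be typed into
    the page shown at this address, judging only by the address itself."""
    address = address.strip()
    lowered = address.lower()

    # A data URI carries its own content; the browser renders the payload
    # instead of contacting any server, so no host is ever involved.
    if lowered.startswith("data:"):
        payload = address[len("data:"):]
        if "https://" in payload or "http://" in payload:
            return "data URI that embeds a URL-like string: phishing pattern"
        return "data URI: no server, nothing to log in to"

    parts = urlsplit(address)
    if parts.scheme.lower() != "https":
        return "not HTTPS: do not enter credentials"

    # urlsplit gives the exact host, so 'accounts.google.com.evil.test'
    # is not mistaken for 'accounts.google.com'.
    host = (parts.hostname or "").lower()
    if host in TRUSTED_LOGIN_HOSTS:
        return "genuine login host"
    return f"HTTPS but unexpected host {host!r}: treat as suspicious"


if __name__ == "__main__":
    for label, sample in (("real", REAL_LOGIN), ("fake", FAKE_LOGIN), ("lookalike", LOOKALIKE)):
        print(f"{label:9} -> {classify_address(sample)}")
```

The check mirrors what you should do by eye: read the address bar from the left, confirm the scheme is "https" and that the host is exactly the one you expect, and treat anything beginning with "data:" as a page that no server ever sent you.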
If you think it's too late and you've already fallen victim to this scam, the best thing to do is change your password immediately.
Head on over to the Gmail Support Article if you think your account has been compromised.
Stay safe out there guys!