Something Phishy’s Going On

New Phishing Attack Targeting Gmail Users – What to look for & How to avoid it.

Our Gmail accounts have become a sort of internet passport, allowing us to access numerous invaluable services from a single account, which means that nearly every other ‘account’ we have is linked to it. Our entire online identity is tied to our Google account and if anyone were to gain unrestricted, unauthorized access to it, we are all at risk of potentially irreversible damage. Scarily, this is exactly what’s happening right now. Hackers are peddling a brand new, skilfully crafted phishing attack that can dupe even advanced users. If you don’t know what phishing is, see here.

Hackers are targeting Gmail users indiscriminately, using cunningly crafted emails to obtain the user’s account login credentials. When you receive them, the phishing emails contain innocent looking attachments and may make reference to emails you have recently sent to or received from those contacts. Basically, it’ll look like someone you know is sending you something you expect to receive or are likely to receive from them.

The innocent looking attachment will open in a new browser tab, which takes you to a page that looks identical to the Google Sign-In page. Users are tricked into entering their Google account login credentials under the guise of re-logging into their accounts for security reasons or simply as a formality.

If you do enter your credentials and attempt to sign-in, the hackers will have full access to your Google account and they’ll waste no time taking control of it and your information. You’ll lose control of everything including Gmail, Drive, YouTube and all of Google’s other services and potentially allow hackers full access to your Android phone, if you use one. If that isn’t enough, your account will be used to send phishing emails to all of your contacts exposing them to the attack.

So how do you avoid it? First of all, be aware of this scam and treat anything that opens a new tab with some suspicion. Gmail will rarely require you to randomly sign-in and when it does so, it’ll usually do so in the active tab.

Here are other important things to look out for:

Check the address bar on your web browser and always look for the Green Padlock and for indication that the connection is secure and trusted.

In the case of the Gmail Phishing Scam the genuine URL should look something like this:

https://mail.google.com/mail/u/0/#inbox

The malicious URL may be very long and look like this:

data:text/html,https://accounts.google.com/ServiceLogin?

Finally, if you haven’t already enabled two-factor authentication for your Google account, you should do so immediately.

Today it’s become an oddity to find someone who doesn’t have a Gmail account. Android is, by far, the most popular mobile OS and that makes a lot of people very vulnerable. But you shouldn’t be. By simply being aware, you are ahead of everyone else. Spread the awareness and stay safe online.

Check out our previous post about online security for more information about how to stay safe online.

Have you been attacked or do you know someone who’s been attacked? Tell us in the comments.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s