Email scams happen every day, but you least expect one on a platform like Gmail, which is why researchers are listing this among the sneakiest Gmail scams you are likely to fall for.
Security researchers at WordFence identified the scam, which tricks Gmail users into divulging their login credentials. It has been circulating for the past few months and has reportedly hit other email providers as well.
WordFence, the developer of a popular WordPress security plugin, warned of the phishing attack in a recent blog post, reporting that the scam has fooled even experienced technical users.
This is the closest I’ve ever come to falling for a Gmail phishing attack. If it hadn’t been for my high-DPI screen making the image fuzzy… pic.twitter.com/MizEWYksBh
— Tom Scott (@tomscott) December 23, 2016
How the scam happens
The attacker, probably posing as one of your trusted contacts, sends a booby-trapped email carrying what appears to be an ordinary attachment, for example a PDF or Word document. The prospective victim has no reason to be suspicious.
The "attachment" is actually an embedded image designed to look like a PDF. Rather than opening a preview of the document when clicked, as a real attachment would, the PDF-like image links out to a fake Google login page.
From here the scam gets very devious. The link leads to what looks like an authentic Google sign-in page, complete with the Google logo, the username and password fields and the tagline ("One account. All of Google."). By all appearances the page is a facsimile of the real thing. There is one clue: the browser's address bar.
Even in the address bar the clue is easy to miss. The text does include "https://accounts.google.com", so the location looks legitimate. The trap is that this text is preceded by the prefix "data:text/html,".
What is in the address bar is a "data URI", not a URL. A URL identifies where a page lives on the web; a data URI embeds the content of a file directly in the address itself, so nothing was fetched from accounts.google.com at all. If you were to scroll to the end of the address bar (or zoom out on it), you would find a long string of characters: a script that serves up a file designed to look like the Gmail login page. That file is the trap.
As soon as the prospective victim enters a username and password into the fields, the attackers capture the credentials.
Here is where it gets worse. Once the scammers have access to a person's inbox, they immediately put the compromised account to work on the next attack: they locate past emails and attachments in the sent folder, create booby-trapped image versions of them, write believable subject lines, and send the result to the person's contacts. The cycle of hijackings then continues.
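The address-bar check the article describes can be made mechanical. The following is an added example (not code from the original article or from WordFence) that classifies whatever a browser shows in its address bar: it separates the scheme from the host that actually served the page, decodes a data: URI to show that its "page" is embedded in the address rather than fetched from Google, and, going one step beyond the case in the text, also flags HTTPS look-alike hosts that merely contain "accounts.google.com". The sample strings, the host name TRUSTED_LOGIN_HOST and the function names are constructed for the example; the base64 payload stands in for the attacker's real script.

```javascript
// Added example, not code from the original article or from WordFence.
// Classifies what a browser shows in its address bar so that a data: URI
// which merely CONTAINS "https://accounts.google.com" is not mistaken for
// a page served from that host. Runs in Node (>=16) or a browser console.

const TRUSTED_LOGIN_HOST = "accounts.google.com"; // the only host a Gmail login may come from

// Constructed samples (not captured from the real campaign):
const SAMPLE_REAL =
  "https://accounts.google.com/ServiceLogin?service=mail&continue=https://mail.google.com/mail/";
const SAMPLE_PHISH =
  "data:text/html,https://accounts.google.com/ServiceLogin?service=mail" +
  " ".repeat(40) + // padding pushes the payload out of view in a narrow address bar
  '<script src="data:text/html;base64,PGh0bWw+"></script>'; // "<html>"; a real attack embeds the whole fake page here
const SAMPLE_LOOKALIKE = "https://accounts.google.com.login-check.example/ServiceLogin";

// Decode the body of a data: URI (RFC 2397: data:[<mediatype>][;base64],<data>).
function decodeDataUri(uri) {
  const comma = uri.indexOf(",");
  if (comma < 0) return "";
  const header = uri.slice("data:".length, comma);
  const body = uri.slice(comma + 1);
  if (/;base64$/i.test(header)) return atob(body);
  try {
    return decodeURIComponent(body);
  } catch (e) {
    return body; // malformed %-escapes: return the raw body rather than fail
  }
}

function classifyAddressBar(text) {
  const s = text.trim();
  const m = /^([a-z][a-z0-9+.-]*):/i.exec(s);
  const scheme = m ? m[1].toLowerCase() : null;
  const result = {
    scheme,
    isDataUri: scheme === "data",
    mentionsTrustedHost: s.toLowerCase().includes(TRUSTED_LOGIN_HOST),
    realHost: null,
    payloadPreview: "",
    verdict: "unknown",
  };

  if (scheme === "http" || scheme === "https") {
    try {
      result.realHost = new URL(s).hostname; // the host that actually served the page
    } catch (e) {
      result.realHost = null;
    }
    if (scheme === "https" && result.realHost === TRUSTED_LOGIN_HOST) {
      result.verdict = "ok";
    } else if (result.mentionsTrustedHost) {
      // The trusted name appears somewhere in the text, but this is not a TLS page from that host.
      result.verdict = "suspicious: trusted host named but page served by " + result.realHost;
    } else {
      result.verdict = "other site";
    }
  } else if (scheme === "data") {
    // Nothing was fetched from any host; the "page" is embedded in the address itself.
    result.payloadPreview = decodeDataUri(s).slice(0, 60);
    result.verdict = result.mentionsTrustedHost
      ? "phish: data URI impersonating " + TRUSTED_LOGIN_HOST
      : "data URI (no origin)";
  }
  return result;
}

for (const sample of [SAMPLE_REAL, SAMPLE_PHISH, SAMPLE_LOOKALIKE]) {
  const r = classifyAddressBar(sample);
  console.log(`${r.verdict}\n  scheme=${r.scheme} host=${r.realHost} preview=${JSON.stringify(r.payloadPreview)}`);
}
```

The point of the design is that the verdict depends only on the scheme and the parsed hostname, never on whether the familiar string appears somewhere in the text; that is the same rule a person should apply by eye, and it is why a green lock on its own is not enough.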
Here’s how to protect yourself:
- Google Chrome users can protect themselves by checking the address bar and making sure the green lock symbol appears before entering personal information into a site. Scammers can also set up HTTPS-protected phishing sites, which display the same green lock, so the lock must appear alongside the correct, intended URL, with nothing (such as a "data:text/html" prefix) in front of it.
- Enable two-step authentication, which adds a layer of security that can help prevent account takeover even after a password has been captured.
- Use a dedicated hardware security token, as experts recommend. Unlike a typed one-time code, which a phisher can relay in real time, a token's response is tied to the genuine site's origin and will not work on a look-alike page.