While we’re fairly sure most people these days are careful when it comes to the safety of their information and their emails, there’s a new Gmail phishing scam, and it’s seriously concerning.
While we’ve only just got over the Netflix scam of a few days ago, it seems that users of Google’s popular email client are being targeted in a fresh cyber attack aimed at regular people.
The scam, described as “highly effective,” was discovered by researchers at Wordfence, a tech company that makes security tools for the popular web platform WordPress, who warned users of it in a blog post. Similarly, Satnam Narang, Senior Security Response Manager at Norton by Symantec, also told Refinery29 about how the scam works.
Essentially, you’ll see an email in your inbox from a friend who has already been hacked. That email will look like it contains a PDF attachment. Clicking on the “attachment” to preview it (as one does in Gmail), however, sends you to a new tab where you’re prompted to input your login details.
As Wordfence points out, a cursory glance at the URL of the new tab *might* just deceive you into thinking that it’s actually your Google account (those paying attention, however, will notice that it’s preceded by “data:text/html,”).
Similarly, the login page looks IDENTICAL to that of the usual Google login page.
However, once you put your details in, your account is immediately compromised.
One user on Hacker News described the phishing scam in detail.
So, here’s what you need to be on the lookout for.
Satnam Narang told Refinery29 that “[t]he best way to identify this attack is to look at the address bar.”
It’s also recommended that you set up two-step verification for your Gmail account. You can learn more about two-step verification here. It’s recommended that you boost your password strength, too, and, if you’re using Google Chrome, that you check for the green lock symbol. Similarly, the URL shouldn’t be preceded by anything except “http://”.
In a statement, Google said that they were aware of the scam, and that they were working to “strengthen our defenses against it.”
It’s important to note that while this scam is primarily focused on Gmail users, Wordfence noted that users of other services should remain vigilant. Similarly, you should check and double-check the URL bar for any discrepancies. Finally, check to see what it is that you’re actually clicking on.
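
The address-bar check described above, written out as code. This is an added example, not from the article, Wordfence or Google; `TRUSTED_HOSTS`, the function names and the sample URLs are constructed for illustration.

```javascript
// Added example. TRUSTED_HOSTS and SAMPLES are constructed, not taken from the article.
const TRUSTED_HOSTS = ["accounts.google.com"]; // assumption: host of the real login page

// Percent-decode without throwing on malformed escapes.
function safeDecode(text) {
  try {
    return decodeURIComponent(text);
  } catch {
    return text;
  }
}

// Classify the string a user would see in the address bar.
function inspectAddress(raw) {
  const text = raw.trim();
  let url;
  try {
    url = new URL(text);
  } catch {
    return { verdict: "block", reason: "not an absolute URL" };
  }
  if (url.protocol === "data:") {
    // A data: URL is the page content itself; a hostname inside it is only text.
    const body = safeDecode(text).toLowerCase();
    const imitated = TRUSTED_HOSTS.filter((host) => body.includes(host));
    return { verdict: "block", reason: "data: URL, no real origin", imitated };
  }
  if (url.protocol !== "https:" && url.protocol !== "http:") {
    return { verdict: "block", reason: `unexpected scheme ${url.protocol}` };
  }
  if (!TRUSTED_HOSTS.includes(url.hostname)) {
    return { verdict: "warn", reason: "host is not on the trusted list" };
  }
  if (url.protocol !== "https:") {
    return { verdict: "warn", reason: "trusted host, but no TLS (no lock symbol)" };
  }
  return { verdict: "ok", reason: "trusted host over https" };
}

const SAMPLES = [
  "https://accounts.google.com/signin",
  "data:text/html,https://accounts.google.com/signin",
  "http://accounts.google.com/",
  "https://example.com/",
];
for (const s of SAMPLES) console.log(inspectAddress(s).verdict.padEnd(5), s);
```

The same function can sit in a mail filter or browser extension that inspects link targets before they open, so the decision does not depend on the user reading the start of the address bar.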