A new phishing scam is targeting Gmail users, and tech experts say it could eventually spread to other email providers if you are not careful.
The scam starts with an email that comes from a friend's account, and yes, that's right: it really does come from their account, which has already been compromised.
Clicking the PDF attachment, assuming it is from your friend, takes you to a Google login page that looks exactly like the real one, except that it is a phishing page. It asks for your credentials, and if you enter them you hand your username and password straight to the attacker.
How to Protect the Gmail Account from the Phishing Attack
The way to spot the trick is the browser's address (location) bar. It hides in plain sight and goes unnoticed because most users assume the page is Google's secure login page as soon as they see 'accounts.google.com' in the address bar.
The attackers use a data URI (data uniform resource identifier) rather than a normal URL. A data URI embeds the content of a document directly in the address bar, and here it is placed in front of 'https://accounts.google.com'.
The prefix 'data:text/html' appears before the familiar host name; it is what the browser actually loads, and it renders the fake login page.
To protect your Google account and not fall for this trick, make sure that nothing appears in front of the host name in the address bar and that the address really starts with 'https://accounts.google.com'.
Enabling the 2-step verification available for Gmail also helps: even with your password, the attacker would need the OTP (One Time Password) to complete the login.
How this Phishing Attack Works
Most people fall for this trick because the email with the malicious attachment comes from the real account of a friend or relative that has already been compromised. The email carries a PDF file disguised as an image attachment.
Once you click the attachment to preview it, the browser opens a new tab with a Google login page asking for your credentials. This is where most people get tricked: the address bar in the new tab shows 'accounts.google.com', and although the phishing address contains other text before it, most people take it for the genuine page and start typing their credentials.
In reality, clicking the attachment loads a web page whose entire code is embedded in your browser's address bar. Once you complete the sign-in, your Google account is compromised.
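The address-bar check described in the protection section above, and the data: URI trick just described, can be expressed as a small classifier. The following is an added example written for this article, not code from the article's source or from any Google product; the sample address-bar strings are constructed for illustration, and the lookalike-host and user-info cases go slightly beyond the data: URI case the article describes.

```python
"""Classify what a user sees in the browser's address bar.

Added example (not from the article). A genuine https login on the exact
accounts.google.com host passes; a data:text/html URI that merely *mentions*
accounts.google.com is flagged as the phishing trick described in the article.
The sample strings in SAMPLES are constructed for illustration only.
"""
from urllib.parse import urlparse

GOOGLE_LOGIN_HOST = "accounts.google.com"


def classify_address_bar(text: str) -> str:
    """Return a one-line verdict for the text shown in the address bar."""
    # Strip padding defensively so a leading scheme such as 'data:' is not
    # pushed out of view before we parse it.
    text = text.strip()
    parsed = urlparse(text)
    scheme = parsed.scheme.lower()

    if scheme == "data":
        # A data: URI is an inline document, not a page served by any host.
        # If Google's host name appears inside it, that is exactly the trick
        # the article describes: 'data:text/html' placed in front of the URL.
        if GOOGLE_LOGIN_HOST in text.lower():
            return "PHISHING: data: URI that only mentions accounts.google.com"
        return "SUSPICIOUS: data: URI where a login page was expected"

    if scheme != "https":
        return f"SUSPICIOUS: login page not served over https (scheme={scheme or 'none'})"

    host = (parsed.hostname or "").lower()
    if host == GOOGLE_LOGIN_HOST:
        return "OK: genuine host accounts.google.com over https"
    if GOOGLE_LOGIN_HOST in text.lower():
        # The real host name appears somewhere (user-info, path or query)
        # but is not the host the browser actually connects to.
        return f"PHISHING: real host is {host!r}, accounts.google.com only appears elsewhere"
    return f"SUSPICIOUS: unexpected host {host!r}"


# Constructed samples: what the address bar might show in each situation.
SAMPLES = {
    "genuine": "https://accounts.google.com/ServiceLogin?continue=https://mail.google.com/",
    "data_uri": "data:text/html,https://accounts.google.com/ServiceLogin?service=mail",
    "userinfo": "https://accounts.google.com@evil.example/ServiceLogin",
    "plain_http": "http://accounts.google.com/ServiceLogin",
    "lookalike": "https://accounts-google.example/ServiceLogin",
}


def check_samples() -> dict:
    """Run the classifier over every constructed sample."""
    return {name: classify_address_bar(url) for name, url in SAMPLES.items()}


if __name__ == "__main__":
    for name, verdict in check_samples().items():
        print(f"{name:10s} -> {verdict}")
```

Only the `genuine` sample passes; the `data_uri` sample is the article's attack, and the rest show why the check must look at the parsed scheme and host rather than searching the address for the string 'accounts.google.com'.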
“The attackers who sent you the email log in to your Google account immediately once they get the access passwords, and they are going to use one of your actual attachments, along with the usual subject lines you send to people, and send it to people in your contact list,” shared one user who experienced the scam.
Once the attacker has access to your account, everything in it, including sent and received mail and Google Drive files, is in their hands, and they use your Google contacts to spread the attack further.
Once you lose sole control of your Google account, you will very likely be locked out of any other services tied to that Gmail username and password. It all happens too fast for most people to notice.