
A new phishing attack targeting Gmail users is making the rounds, and it is sophisticated enough to fool even security-conscious users.

How does it work?

The phishing attack aims to steal usernames and passwords from users, allowing the cyber criminals behind the attacks to access their Gmail accounts as well as other services.

Like the vast majority of phishing attacks, this scam starts with an email. Unlike other phishing schemes, however, the email won't be from a random stranger; it appears to come from someone you know, and it may include an image that looks like an attachment you would expect from that sender (a PDF or a document you have exchanged before).

According to Mark Maunder, CEO of WordPress security plugin Wordfence, the campaign "is being used right now with a high success rate. You click an image, expecting Gmail to give you a preview of the attachment. Instead, a new tab opens up and you are prompted by Gmail to sign in again. You glance at the location bar and you see accounts.google.com in there."

This fools users into thinking the page is the real Google sign-in, encouraging them to enter their credentials without a second thought. What the image actually opens, however, is not accounts.google.com at all but a data URI: the address bar begins with "data:text/html," followed by the text "https://accounts.google.com/..." and then a long run of whitespace, with the script that draws the fake sign-in form pushed out of view beyond it. A data: address has no host; the browser renders the page from the contents of the address itself, so the "accounts.google.com" you see is just decoy text, not the site you are talking to.

Once they have your login details, the attackers immediately log in to your account, take one of your real attachments and one of your real subject lines, and send them to people in your contact list. That is how the campaign spreads: every victim's mailbox supplies convincing bait for the next round.

Protecting yourself

To protect yourself from this phishing attack, pay close attention to the address bar before you type a password. When opening a document, even one that appears to have been sent by someone you know, make sure the address starts with "https://" and the padlock icon, and that nothing (in particular "data:text/html,") comes before "https://accounts.google.com". Read the whole hostname, not just whether "google.com" appears somewhere in it.
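The following is an added example, not code from the original article or from Wordfence, showing the address-bar check above as code. It uses the standard URL API that browsers and Node.js provide; the sample addresses, including the lookalike data: URL with whitespace padding, are constructed for this example and the payload portion is a placeholder comment rather than the campaign's script. The expected sign-in origin is an assumption for the example (Google also uses other hostnames for some flows).

```javascript
// Added example (not from the original article): decide whether what the
// address bar shows is really Google's sign-in origin. Uses only the WHATWG
// URL API available in browsers and Node.js.

// The only origin at which a Gmail sign-in prompt is treated as legitimate
// here (assumption for this example).
const GOOGLE_SIGNIN_ORIGIN = 'https://accounts.google.com';

// Returns { legitimate: boolean, reason: string } for the address-bar text.
function classifyAddressBar(addressBarText) {
  let url;
  try {
    url = new URL(addressBarText.trim());
  } catch (e) {
    return { legitimate: false, reason: 'not a parseable URL' };
  }

  // The 2017 campaign: the bar started with "data:text/html," and only then
  // showed "https://accounts.google.com/...". A data: URL has no host; the
  // browser renders the page from the URL itself, not from Google.
  if (url.protocol === 'data:') {
    return { legitimate: false, reason: 'data: URL renders inline content, not a web origin' };
  }
  if (url.protocol !== 'https:') {
    return { legitimate: false, reason: 'scheme is ' + url.protocol + ', not https:' };
  }
  // Compare the full origin (scheme + host + port), never a substring:
  // "accounts.google.com.evil.example" and "evil.example/accounts.google.com"
  // both contain the expected text.
  if (url.origin !== GOOGLE_SIGNIN_ORIGIN) {
    return { legitimate: false, reason: 'origin is ' + url.origin };
  }
  return { legitimate: true, reason: 'origin is exactly ' + GOOGLE_SIGNIN_ORIGIN };
}

// Constructed sample of the shape of the phishing link: a data: URL whose
// visible prefix mimics the real sign-in URL, followed by enough whitespace
// to push the rest out of view. The script part is a placeholder, not the
// campaign's code.
function buildLookalikeDataUrl() {
  const decoy = 'https://accounts.google.com/ServiceLogin?service=mail';
  const padding = ' '.repeat(200);
  const payload = '<script>/* fake sign-in form would be rendered here */</script>';
  return 'data:text/html,' + decoy + padding + payload;
}

// Constructed samples: one real address and four that a glance could confuse with it.
const SAMPLES = {
  real: 'https://accounts.google.com/ServiceLogin?service=mail',
  dataUrl: buildLookalikeDataUrl(),
  subdomainTrick: 'https://accounts.google.com.evil.example/ServiceLogin',
  pathTrick: 'https://evil.example/accounts.google.com/ServiceLogin',
  plainHttp: 'http://accounts.google.com/ServiceLogin',
};

for (const [name, text] of Object.entries(SAMPLES)) {
  const verdict = classifyAddressBar(text);
  console.log(name.padEnd(15) + (verdict.legitimate ? ' OK   ' : ' FAKE ') + verdict.reason);
}
```

The design point is that the check compares the parsed origin, not the visible text: the data: URL fails because it has no origin at all, and the subdomain and path tricks fail because their origin is not exactly the expected one, even though all three display "accounts.google.com" somewhere in the bar.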

In addition, enable two-step verification on your Google account. A stolen password alone is then not enough to sign in, because the attacker would also need the one-time code sent to your phone. Be aware that a one-time code can itself be phished by a page that relays it to Google in real time, so a hardware security key, which only works for the genuine origin, is the stronger option where it is available.

And it goes without saying that if you think you have been hacked, change your password immediately, sign out of all other sessions, and review the account's recent activity, forwarding settings and filters, since the attackers had full access to the mailbox.

To protect your information more broadly, ensure that you have effective, up-to-date network security controls and a properly configured firewall.

References:

http://www.foxnews.com/tech/2017/01/18/dont-fall-for-this-sophisticated-gmail-phishing-scam.html

https://www.scamwatch.gov.au/types-of-scams/attempts-to-gain-your-personal-information/phishing