Gmail Users, Beware: This Phishing Attack Is Pretty Smart

Hackedbykst / Pixabay

Phishing attacks are not new and people are well aware of them, but the latest phishing scam on Gmail users is pretty good at fooling unsuspecting users. While tech-savvy people may easily be able to detect fishy emails, some new and innocent users might easily fall prey to them. However, a little information and awareness can easily help people escape issues.

Gmail users, beware

The one going around currently looks like any ordinary email and is pretty convincing; hence, it can affect many users. Tricksters send emails to people with an attachment that redirects them to a page requiring them to enter their Gmail account credentials once more, allowing them to be stolen easily and misused. Access to the victim’s Gmail account enables them to further spread the scam.

There is a striking resemblance between the image that looks like an attachment in the phishing email and Google’s own attachment graphics. When clicked, the user is redirected to a login page which is also similar to Google’s own login page, making the scam highly dangerous.

How to avoid this phishing scam

There is one catch that needs to be watched closely to identify that it’s a phishing attack. The user must notice the URL of the login screen that opens once the fake attachment is clicked upon. Instead of starting with https:, it begins with data:text/htyml. This indicates that there is no secure server hosting the fake login page.

This scam was noticed for the first time in January, and Wordfence even issued a warning about it, notes TechTimes. Also according to Wordfence, now a warning saying “Not Secure” pops up on the latest version of Google’s Chrome browser when such pages load. While this may help keep Chrome users from getting trapped, users who do not use Chrome or those who use Chrome but don’t install Google’s updates are still highly vulnerable.

Precautions are better than a cure

As a precaution, different websites should be accessed using different passwords so that the loss of one website’s credentials does not affect other websites. Secondly, instead of clicking on links contained in an email, type a web address directly into a browser. Thirdly, typos are a common feature of all phishing attacks, and hence, if the email is from a reputable company it SHOULD NOT have any typos.

Fourth, there are sites users can check to find out whether or not their email address has been used for phishing. Lastly, users must use strong security software on all the gadgets they use to access the Internet.

For exclusive info on hedge funds and the latest news from value investing world at only a few dollars a month check out ValueWalk Premium right here.

Multiple people interested? Check out our new corporate plan right here (We are currently offering a major discount)

About the Author

Aman Jain
Aman is MBA (Finance) with an experience on both Marketing and Finance side. He has worked as a Risk Analyst for AIR Worldwide, and is currently leading VeRa FinServ, a Financial Research firm. Favorite pastimes include watching science fiction movies, reviewing tech gadgets, playing PC games and cricket. - Email him at [email protected]

Be the first to comment on "Gmail Users, Beware: This Phishing Attack Is Pretty Smart"

Leave a comment