Phishing attacks are not new and people are well aware of them, but the latest phishing scam on Gmail users is pretty good at fooling unsuspecting users. While tech-savvy people may easily be able to detect fishy emails, some new and innocent users might easily fall prey to them. However, a little information and awareness can easily help people escape issues.
Gmail users, beware
The one going around currently looks like any ordinary email and is pretty convincing; hence, it can affect many users. Tricksters send emails to people with an attachment that redirects them to a page requiring them to enter their Gmail account credentials once more, allowing them to be stolen easily and misused. Access to the victim’s Gmail account enables them to further spread the scam.
There is a striking resemblance between the image that looks like an attachment in the phishing email and Google’s own attachment graphics. When clicked, the user is redirected to a login page which is also similar to Google’s own login page, making the scam highly dangerous.
How to avoid this phishing scam
There is one catch that needs to be watched closely to identify that it’s a phishing attack. The user must notice the URL of the login screen that opens once the fake attachment is clicked upon. Instead of starting with https:, it begins with data:text/htyml. This indicates that there is no secure server hosting the fake login page.
This scam was noticed for the first time in January, and Wordfence even issued a warning about it, notes TechTimes. Also according to Wordfence, now a warning saying “Not Secure” pops up on the latest version of Google’s Chrome browser when such pages load. While this may help keep Chrome users from getting trapped, users who do not use Chrome or those who use Chrome but don’t install Google’s updates are still highly vulnerable.
Precautions are better than a cure
As a precaution, different websites should be accessed using different passwords so that the loss of one website’s credentials does not affect other websites. Secondly, instead of clicking on links contained in an email, type a web address directly into a browser. Thirdly, typos are a common feature of all phishing attacks, and hence, if the email is from a reputable company it SHOULD NOT have any typos.
Fourth, there are sites users can check to find out whether or not their email address has been used for phishing. Lastly, users must use strong security software on all the gadgets they use to access the Internet.