A new phishing scam is targeting Gmail users and has fooled many people including tech experts in giving up their Google credentials.
The hackers use the acquired Gmail credentials to log into the account, scour through the sent messages and pass the bugged email onto other non-suspecting users.
The attack is not only targeting Gmail users but other services as well. The scam was detailed by Mark Maunder, CEO of Wordfence, which is the security service for WordPress.
The Phishing Attack: How It Works
People easily fall for this trick as the malicious email comes from the account of a known person, whose account has already been compromised. The email contains image attachments in the disguise of a PDF file.
Once the attachment is clicked for a preview, a new tab opens up and asks the user to log into the Gmail account again. This is the part where most users get tricked. In the new tab, the location bar shows "accounts.google.com." On seeing this, most the users deem it is a safe and an authenticated Gmail login page, so they log in.
In reality, clicking the attachment loads a webpage full of codes into the browser's address bar. Once the sign-in has been finished, the account of the user has been compromised.
"The attackers log in to your account immediately once they get the credentials, and they use one of your actual attachments, along with one of your actual subject lines, and send it to people in your contact list," shared someone who experienced the scam.
Once the hacker gets access to a user's account, all the emails and documents sent and received by the user fall into the hands of the fraudster, who uses the new contacts to spread the malware.
Once the users lose the sole authority from their Gmail account, it is very likely they will be barred access to any other services linked to the Gmail account username and password. The process happens too fast for anyone to notice.
How To Protect The Gmail Account From The Phishing Attack
The trick to identifying the bug lies in careful scrutinization of the address bar. The bug hides in plain sight but doesn't get detected as most users think that the webpage is Google's protected login page after seeing ''accounts.google.com'' in the address bar.
The hackers use a phishing method known as URI or data uniform resource identifier. The URI method is used to attach a data file in the location bar in front of "https://accounts.google.com."
The data file "data:text/html" is included as a prefix in the browser's location bar, which opens up the fake login page.
To protect the account and not fall for this trick, a user should make sure that there is nothing in front of the host file name. One should verify the protocol and the host name.
Also enabling the two-step authentication available for Gmail can stop the attack from taking place as the hacker would need the OTP (One Time Password) required for completing the login.
