Feature: In recent times, people have been feeling the comforts and horrors that technology is bringing in their lives. And today’s article is a perfect example of the latter.

A new phishing attack is fooling even the most tech-savvy and careful of Gmail users!

What You Need To Know

This scam aims to steal usernames and passwords, which innocently starts with a simple email. What’s worse, the email would come from someone you know, so that already puts your security antenna down a few notches.

The email would contain something that looks like an attachment. When you open it, instead of getting a preview, you will be directed to the Gmail sign in page again.

Once you sign in, the attackers will now have full access to your account. And it’s not just Gmail- it targets other services too. The attackers can now explore the compromised account, look for past emails and attachments, create decoy image versions and compose a whole new email with believable subject lines that will target the person’s contacts.

And this vicious cycle of fraud continues.

How to Protect Yourself

Constant vigilance!

Always pay close attention to your browser’s location bar when signing in. If the location bar reads “https://accounts.google.com…,” then you’re good to go. However, please consider this a major red flag if this is what you see on your browser:

Note that in the phishing attack, the address starts with “data:text/html,” followed by the usual “https://accounts.google.com…” It’s easy to miss so be on the lookout always!

Aside from checking the browser location, make it a habit to verify the protocol and hostname.

There shouldn’t be any out-of-place characters preceding the hostname (accounts.google.com,) aside from the ‘https://’ and the GREEN lock symbol (with great emphasis on the color. )

It would also help to change your password and check your login activity regularly. You can never be too sure, so it’s best to be on guard at all times!

Spread the word

Make others be aware of this new scheme! Share this story to everyone you know to tip them off and alert them as to how they can avoid falling victim to having their accounts compromised.

* Photo credits and information sources: 
  • https://www.wordfence.com/blog/2017/01/gmail-phishing-data-uri/
  • http://www.foxnews.com/tech/2017/01/18/dont-fall-for-this-sophisticated-gmail-phishing-scam.html
  • https://www.onlinethreatalerts.com/
  • https://commons.wikimedia.org/