Don’t Be Fooled by the New Gmail Phishing Scam

Gmail users, be aware: a new, sophisticated phishing attack is fooling everyone, even seasoned security experts!

The scam tricks you into giving up your username and password for Gmail and other services. How? The attack starts with the hacker sending an email that may appear to be from someone you know, with an attachment you recognize. However, that attachment is a trick to get you to launch a new tab that shows the Gmail sign-in page.

The address bar at the top says “accounts.google.com” in it so it seems real, right? Wrong! If you take a closer look you will see it is not quite what it seems.

With this scam getting the better of even the most security-conscious users, how do we spot something fishy in the address bar?

Figure: Google Accounts phishing scam address bar

Always check for a green lock icon in the browser address bar and make sure the URL starts with https://. The fact that the scam URL starts with “data:text/html” is a sure sign that the site should not be trusted.
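The address-bar check described above, written as a small JavaScript function. This is an added example, not part of the original post; the `checkLoginUrl` name and the sample URLs are constructed for illustration, and it goes slightly beyond the data: case to also reject plain http and lookalike host names.

```javascript
// Added example: classify an address-bar string the way the article advises.
// EXPECTED_HOST and every sample URL below are constructed for illustration.
const EXPECTED_HOST = "accounts.google.com";

function checkLoginUrl(addressBar) {
  let url;
  try {
    url = new URL(addressBar.trim());
  } catch {
    return { trusted: false, reason: "not a parseable URL" };
  }
  // The scam page is loaded from a data: URI, so the scheme is checked first.
  if (url.protocol !== "https:") {
    return { trusted: false, reason: `scheme is ${url.protocol} not https:` };
  }
  // Text before "@" is login info, not the site; the real host comes after it.
  if (url.username || url.password) {
    return { trusted: false, reason: "URL embeds credentials before the host" };
  }
  // The host must match exactly; merely containing the name is not enough.
  if (url.hostname !== EXPECTED_HOST) {
    return { trusted: false, reason: `host is ${url.hostname}` };
  }
  return { trusted: true, reason: "https and exact host match" };
}

// Constructed samples: one genuine-looking URL and four that only look right.
const samples = [
  "https://accounts.google.com/ServiceLogin",
  "data:text/html,https://accounts.google.com/ServiceLogin",
  "http://accounts.google.com/ServiceLogin",
  "https://accounts.google.com.login.example/ServiceLogin",
  "https://accounts.google.com@login.example/ServiceLogin",
];
for (const s of samples) {
  const r = checkLoginUrl(s);
  console.log(`${r.trusted ? "OK    " : "REJECT"} ${s}  (${r.reason})`);
}
```
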

Once you sign in, the attackers will have full access to your Gmail account. From there they will find an attachment from one of your previous emails, plus a subject line you’ve used before, and send it to all your contacts.

At this point they have control of your email address, so they can use the password reset process to compromise all your other services.  

Apparently there is no real way to know if your account has been attacked, but if you think you have fallen victim, the best thing to do is change your password immediately or contact The Computer Guyz in Cape Town or Centurion.
