Gmail Phishing Attack Fools Tech-savvy Users
Posted by: Timothy Weaver on 01/16/2017 12:01 PM
[
Comments
]
A new tech-savvy phishing attack is targeting Gmail users. The purpose of the attack is to gain Gmail credentials.
The attack unfolds with a compromised account. This can be accomplished by trying a password from data dumped breaches.
Once they have a compromised account, the criminals search through the emails until they find one with an attachment. They then create an image (screenshot) of it and include it in a reply to the sender. If the potential victim clicks on the attachment, they are sent to a fake Gmail log in page where they are prompted to enter their login details.
The fake page is a good copy of the real thing including the accounts.google.com subdomain which is good enough to fool even the tech-savvy.
WordFence CEO Mark Maunder warns: “This phishing technique uses something called a ‘data URI’ to include a complete file in the browser location bar. When you glance up at the browser location bar and see ‘data:text/html…..’ that is actually a very long string of text.”
Once they have the login credentials, the attack chain starts all over again.
Maunder suggest users stay safe by using two factor authentication.
Source: HelpNet Security
The attack unfolds with a compromised account. This can be accomplished by trying a password from data dumped breaches. Once they have a compromised account, the criminals search through the emails until they find one with an attachment. They then create an image (screenshot) of it and include it in a reply to the sender. If the potential victim clicks on the attachment, they are sent to a fake Gmail log in page where they are prompted to enter their login details.
The fake page is a good copy of the real thing including the accounts.google.com subdomain which is good enough to fool even the tech-savvy.
WordFence CEO Mark Maunder warns: “This phishing technique uses something called a ‘data URI’ to include a complete file in the browser location bar. When you glance up at the browser location bar and see ‘data:text/html…..’ that is actually a very long string of text.”
Once they have the login credentials, the attack chain starts all over again.
Maunder suggest users stay safe by using two factor authentication.
Source: HelpNet Security
Comments
