Gmail Phishing is back and Its Fooling Tech Savvy People Too!

As to every situation, there are always two sides to it – the boon and the bane, the pros and the cons. The advent of technology also calls upon such a situation with the world getting connected more than ever before but on the downside, we are unnaturally vulnerable to online insecurity. Hacking and phishing are the price we are paying for this advancement, especially when it comes to our mails.

Gmail users are becoming victims to hacking nowadays because of a fake URL that is being sent to their inboxes. If it is an obvious looking spam mail, the mind of the well educated doesn’t fall for it. But the genius and the danger of the scam is that the mail comes as if it is from one of your contacts, bearing a usual subject line. The hackers cleverly include an attachment in this mail that comes from a Mark Maunder, the CEO of WordPress security plugin Wordfence. When you click on the attachment to preview it, a new tab opens to what looks like a Gmail login page. However it isn’t genuine. If you enter your email and password, hackers will have stolen your credentials and have full access to all of your emails. Here are the links that the hackers are using –

Fake login page:data:text/html,https://accounts.google.com/ServiceLogin?

Gmail login page: https://accounts.google.com/ServiceLogin?

Once the hackers obtain your credentials, they move on to use your mail data to send the same links to trap other of your contacts.

Email Security on computer keyboard background gmail

So how can stop from being a victim of this phishing? Well firstly, check if you haven’t already been a victim of the crime. This can be done by a simple check of your browser history to see if any logins from unknown sources has been done. Experts say you should also look for the “lock” icon next to the address bar denoting a secure website. While it’s not a fool proof method because scammers sometimes host their pages on secure servers, it’s a common sense step to take. In any case, changing passwords would be the best thing.

Secondly, look out for suspicious links and if the URL begins with: data:text. Also, if you widen out the bar, you will see there is a lot of blank space which may not be visible at first. After the blank space is the file that actually opens in a new tab. A wise decision would also be to enable a two factor authentication for logging in to your Gmail. So on top of the username and password, there would be an extra layer of security that will require an extra piece of information.

gmail-window phishing google

Google put out an official statement about the situation saying, “We’re aware of this issue and continue to strengthen our defences against it. We help protect users from phishing attacks in a variety of ways, including: machine learning based detection of phishing messages, Safe Browsing warnings that notify users of dangerous links in emails and browsers, preventing suspicious account sign-ins, and more. Users can also activate two-step verification for additional account protection.

Phishing or no phishing, it is always best to keep a track of the emails you are opening and changing your passwords from time to time.