The most effective Gmail and Yahoo Mail phishing attacks and how to avoid them

The most effective Gmail and Yahoo Mail phishing attacks and how to avoid them

This is huge and I am sure you have received this clever phishing attack. A new highly effective phishing technique targeting Gmail and other services has been gaining popularity during the past year among attackers. Over the past few weeks there have been reports of experienced technical users being hit by this.

Researchers at WordFence, a team that makes a popular security tool for the blog site WordPress, warned of the attack in a recent blog post, noting that it has been “having a wide impact, even on experienced technical users.”

Attack Procedure

Here’s how the swindle works. The attacker, usually disguised as a trusted contact, sends a boobytrapped email to a prospective victim. Affixed to that email, there appears to be a regular attachment, say a PDF document. Nothing seemingly out of the ordinary.

But the attachment is actually an embedded image that has been crafted to look like a PDF. Rather than reveal a preview of the document when clicked, that embedded image links out to a fake Google  login page. And this is where the scam gets really devious.

View image on Twitter

Everything about this sign-in page looks authentic: the Google logo, the username and password entry fields, the tagline (“One account. All of Google.”). By all indications, the page is a facsimile of the real thing. Except for one clue: the browser’s address bar.

google login pageScreenshot of Google login page 

Even there, it can be easy to miss the cue. The text still includes the “https://accounts.google.com,” a URL that seems legitimate. There’s a problem though; that URL is preceded by the prefix “data:text/html.”

WordFence gmail phishing scamVia WordFence 

In fact, the text in the address bar is what’s known as a “data URI,” not a URL. A data URI embeds a file, whereas a URL identifies a page’s location on the web. If you were were to zoom out on the address bar, you would find a long string of characters, a script that serves up a file designed to look like a Gmail login page. This is the trap.

As soon as a person enters her username and password into the fields, the attackers capture the information. To make matters worse, once they gain access to a person’s inbox, they immediately reconnoiter the compromised account and prepare to launch their next bombardment. They find past emails and attachments, create boobytrapped-image versions, drum up believable subject lines, and then target the person’s contacts.

And so the vicious cycle of hijackings continues.

How to Stay Safe

Google Chrome users can protect themselves by checking the address bar and making sure a green lock symbol appears before entering their personal information into a site. Because scammers have been known to create HTTPS-protected phishing sites, which also display a green lock, it’s also important to make sure this appears alongside a proper, intended URL—without any funny business preceding it.

In addition, people should add two-step authentication, an added layer of security that can help prevent account takeovers. Experts recommend using a dedicated security token as well.

(Credit sources)

Share this post