It’s worrying because of its effectiveness
Gmail users around the world currently face a serious security threat: a “highly effective” phishing scam that fools users into handing over their account details. A compromised Gmail account can set off a domino effect of problems across the rest of your online life. The scheme has been gaining traction over the past months and has spread to other email services. A TIME report details how to avoid falling victim to the rampant scam.
Researchers at Wordfence warned users in a blog post about the attack, which has left even experienced users baffled by how credible it looks. The attack works as described below.
The attacker, posing as a trusted contact, sends an unassuming email with what appears to be an attachment, for example a PDF. The attachment is crafted to look like a real PDF, but it is in truth an image that, when clicked, redirects the victim to a fake Google login page.
The login page is the most frightening part of it all. It looks authentic: the Google logo and the tagline are there, and it is a carbon copy of the real thing. But stop for a moment, because ‘logging in’ to this page will compromise your account. Remember, the devil is in the detail.
The easiest way to spot the hack, according to experts, is to look at the URL in the address bar. The fake page’s address begins with the words “data:text/html”. Here is a photo of the exploit in action with pointers on how to avoid it.
This is disturbingly clever. You get sent to a text/html data URI! Not testing any further but, blimey, talk about using power for evil. pic.twitter.com/TamVn7DBfW
— Tom Scott (@tomscott) December 23, 2016
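The address-bar check the article describes can be turned into a small routine that a browser extension, a security-awareness training page, or a user script could run before a password is typed. The following is an added example written for this page, not code from Wordfence, TIME or Tom Scott. It assumes that the only legitimate Google sign-in host is accounts.google.com (an assumption made for the example) and that the string it receives is exactly what the browser shows in the address bar (for instance window.location.href); the sample addresses at the bottom are constructed for demonstration, not real captures.

```javascript
// Added example (not from the article): classify what the address bar shows
// before a Google password is typed into a login page.
// Assumption for this example: accounts.google.com is the only legitimate
// Google sign-in host, and `href` is the address bar text (window.location.href).

const EXPECTED_LOGIN_HOST = "accounts.google.com"; // assumption for this example

function classifyAddressBar(href) {
  const trimmed = href.trim();

  // The reported scam shows a "data:text/html" address: the login page is
  // rendered from the address itself and was never fetched from Google.
  // A javascript: scheme in the address bar is flagged for the same reason.
  if (/^(data|javascript):/i.test(trimmed)) {
    return { verdict: "phishing-suspect", reason: "data: URI in address bar" };
  }

  let url;
  try {
    url = new URL(trimmed);
  } catch (e) {
    return { verdict: "phishing-suspect", reason: "address is not a parseable URL" };
  }

  // A real Google login is served over HTTPS only.
  if (url.protocol !== "https:") {
    return { verdict: "phishing-suspect", reason: `scheme is ${url.protocol} not https:` };
  }

  // Exact host comparison: "accounts.google.com.example.net" is not Google.
  if (url.hostname !== EXPECTED_LOGIN_HOST) {
    return {
      verdict: "phishing-suspect",
      reason: `host ${url.hostname} is not ${EXPECTED_LOGIN_HOST}`,
    };
  }

  return { verdict: "looks-legitimate", reason: "https and expected host" };
}

// Constructed sample address-bar strings for demonstration (not real captures).
const SAMPLES = [
  "https://accounts.google.com/ServiceLogin?service=mail",
  "data:text/html,https://accounts.google.com/ServiceLogin?service=mail",
  "http://accounts.google.com/ServiceLogin",
  "https://accounts.google.com.example.net/ServiceLogin",
];

function classifyAll(samples = SAMPLES) {
  return samples.map((s) => ({ href: s, ...classifyAddressBar(s) }));
}

if (typeof require !== "undefined" && require.main === module) {
  for (const r of classifyAll()) {
    console.log(r.verdict.padEnd(18), r.reason, "<-", r.href);
  }
}
```

The data: check runs before URL parsing on purpose: a data URI parses cleanly, with "data:" as its protocol, so a check that only looked at the hostname would see an empty host and give a less useful reason. The host comparison is exact rather than a substring match, which is what catches lookalike domains that merely contain the Google name.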
Apart from staying vigilant, users are also encouraged to use Gmail’s added security features, such as two-factor authentication and a dedicated security key.