
Phishing Attack Hitting Gmail Users – What You Need to Know


Abacus is committed to keeping you up to date on the latest hacks, ransomware attacks, and scams potentially affecting our users’ lives, and unfortunately, this is one of those articles. This latest phishing scam, which is being called “frighteningly effective” by cyber experts, works as follows:

You’ll receive an email in your inbox from one of your contacts who has already been hacked. The email appears to include an attachment, generally named “Invoice”.

So far, so good.

But if you look closely, like Twitter user @tomscott did, you’ll notice that the image preview for the attachment looks... off.

Why does the attachment look fuzzy? Because there isn’t actually an attachment, just an image designed to look like one.

Look closely below:

If you click on the image, you are sent to a page that looks like a standard Google sign-in page (take our word for it). And once you log in with your credentials, the hacker can read and download all of your emails.

While hackers have been working hard to make emails look this realistic for quite some time, there are things you can do to spot a fake. Satnam Narang, Senior Security Response Manager at Norton by Symantec, says, “The best way to identify this attack is to look at the address bar. In this case, look for the words 'data:/text/html' at the beginning of the URL. If you see this, close the browser tab and alert your friend that their account has been compromised.”

Narang also recommends setting up two-factor authentication and using passwords that have a 12-character minimum, include numbers and symbols, and don’t rely on obvious substitutions.
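The address-bar check described above can also be automated, for example over URLs recorded by a browser or proxy. The following is an added example, not code from Abacus, Norton or Google; the function names and sample URLs are constructed, and it assumes the standard `data:` URL layout from RFC 2397.

```javascript
// Added example; function names and sample URLs are constructed.
const HTML_TYPES = new Set(["text/html", "application/xhtml+xml"]);

// Browsers drop tab/CR/LF anywhere in a URL and trim leading/trailing
// spaces and control characters, so normalise before reading the scheme.
function normalise(url) {
  return String(url)
    .replace(/[\t\r\n]/g, "")
    .replace(/^[\u0000-\u0020]+|[\u0000-\u0020]+$/g, "");
}

// Returns { scheme, mediaType, rendersHtml } for any URL string.
function inspectUrl(url) {
  const clean = normalise(url);
  const m = /^([a-z][a-z0-9+.-]*):/i.exec(clean);
  if (!m) return { scheme: null, mediaType: null, rendersHtml: false };
  const scheme = m[1].toLowerCase();
  if (scheme !== "data") return { scheme, mediaType: null, rendersHtml: false };

  // RFC 2397 layout: data:[<mediatype>][;base64],<data>
  const rest = clean.slice(m[0].length);
  const comma = rest.indexOf(",");
  const header = comma === -1 ? rest : rest.slice(0, comma);
  // Also accept the "data:/text/html" spelling quoted in the article.
  let mediaType = header.split(";")[0].trim().toLowerCase().replace(/^\/+/, "");
  if (mediaType === "") mediaType = "text/plain"; // RFC 2397 default
  return { scheme, mediaType, rendersHtml: HTML_TYPES.has(mediaType) };
}

// Filter a list of address-bar URLs down to the ones worth an alert.
function flagUrls(urls) {
  return urls.filter((u) => inspectUrl(u).rendersHtml);
}

// Constructed sample values, not taken from the real campaign.
const SAMPLE_URLS = [
  "https://accounts.google.com/",
  "data:text/html,<h1>Sign in</h1>",
  "  DATA:Text/HTML;base64,PGgxPlNpZ24gaW48L2gxPg==",
  "data:image/png;base64,iVBORw0KGgo=",
  "data:,plain text",
];

console.log(flagUrls(SAMPLE_URLS));
```

Only the two `data:` URLs that carry an HTML document are flagged; the image and plain-text `data:` URLs and the ordinary `https:` URL pass.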

Google has since made the following statement about the scam, “We're aware of this issue and continue to strengthen our defenses against it. We help protect users from phishing attacks in a variety of ways, including: machine learning based detection of phishing messages, Safe Browsing warnings that notify users of dangerous links in emails and browsers, preventing suspicious account sign-ins, and more. Users can also activate two-step verification for additional account protection.”

Believe me, we love Google products, but we don’t integrate with its suite of applications for this reason. But we are holding out hope that, someday, the days of Google hacks will be over.
