This phishing scam is all too easy to fall for — Gmail PSA
How is it happening? The scheme, which has been gaining popularity in the past few months and has reportedly been hitting other email services, involves a clever trick that can be hard to detect.
Then, the scammer sends out an email with the attachment and the subject line from the compromised user to as many of their contacts as possible. Maunder said the attackers have either automated the scheme, or they have “a team standing by to process accounts as they are compromised”. In the past, you might have recognized a scam by the language in the email. According to WordFence, the answer lies in the address bar. If the user enters their login information, it goes straight to the attacker.
When it comes to phishing scams, experts normally advise users never to click a link or attachment included in a suspicious email. Many breaches appear to be coming from servers in USA data centers, but hackers are actually located overseas and are able to scramble their locations.
These phishing emails put you at risk by impersonating your closest friends and family members.
The image won’t open in a preview. To do so, open Gmail and click on “Details” in the bottom right-hand corner of your screen. Immediately after you log in, the attackers access your account and use one of your own attachments and subject lines to form a malicious email that is sent to your entire contact list. Unfortunately, that’s not what the hackers are looking for.
Take this new method, for example: It’s been making the rounds for a few months now, but is just now coming to light as those affected realize what’s happened.
And now, you’re locked out of your account.
While the attack is convincing, there are ways you can protect yourself in order to avoid becoming a victim.
Gmail offers what is called two-step authentication.
Google also lets you view your account login activity, including the dates and times your account may have been accessed. Then, it sends fake emails, which look very much legitimate, to everyone. Remember in image 2 what it said? Good cyber criminals know that the public is getting wise, which is why their methods keep on getting sneakier. That’s the place where you type in a website address.
The beginning portion of the URL should read “https://accounts.google.com”, but if it reads “data:text/html” before the HTTP portion of the URL, do not enter your credentials. That’s the big flag.
The new tab, which contains “accounts.google.com” in the address bar, prompts the user to log in.
If you are anxious you may have been affected by this scam already, you should change your password immediately.
Even frequent Gmail users are falling for the scam.
When you sign into any service, you should check the browser bar to verify the protocol and hostname.
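The protocol-and-hostname check described above, as an added example that is not part of the original article: it parses the address-bar text and compares scheme and hostname exactly, instead of looking for the string “accounts.google.com” somewhere in it. The function names and the sample URLs (including the `login.example` host) are constructed for illustration.

```javascript
// Added example: verify a sign-in URL by parsing it, never by substring search.
const EXPECTED_PROTOCOL = "https:";
const EXPECTED_HOSTNAME = "accounts.google.com";

// Returns { ok, reason } for the text shown in the address bar.
function checkSignInUrl(addressBarText) {
  let url;
  try {
    url = new URL(String(addressBarText).trim());
  } catch (err) {
    return { ok: false, reason: "not a parseable absolute URL" };
  }
  // A data: URI has no origin at all; the page content is inside the URL itself.
  if (url.protocol !== EXPECTED_PROTOCOL) {
    return { ok: false, reason: `scheme is ${url.protocol} not https:` };
  }
  // Exact match only: a longer hostname that merely starts with the name fails.
  if (url.hostname !== EXPECTED_HOSTNAME) {
    return { ok: false, reason: `hostname is ${url.hostname}` };
  }
  return { ok: true, reason: "https scheme and exact hostname match" };
}

// The check a hurried reader performs: "does it mention accounts.google.com?"
function naiveCheck(addressBarText) {
  return addressBarText.includes(EXPECTED_HOSTNAME);
}

// Constructed sample inputs; only the first is the genuine sign-in origin.
const SAMPLES = [
  "https://accounts.google.com/ServiceLogin?service=mail",
  "data:text/html,https://accounts.google.com/ServiceLogin?service=mail",
  "http://accounts.google.com/ServiceLogin",
  "https://accounts.google.com.login.example/ServiceLogin",
];

for (const sample of SAMPLES) {
  const result = checkSignInUrl(sample);
  const verdict = result.ok ? "OK  " : "STOP";
  console.log(`${verdict} naive=${naiveCheck(sample)} ${sample} (${result.reason})`);
}
```

Every sample passes the naive substring check, which is why the “data:text/html” prefix is the flag to look for.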
Though the scam is hard to detect, there are ways to know it when you see it.