Gmail phishing: Latest cyber attack infects users by mimicking past emails

The incredibly clever technique involves a fake but convincing and functional Gmail sign-in page. A sophisticated new phishing technique that composes convincing emails by analysing and mimicking past messages and attachments has been discovered by security experts.

Discovered by Mark Maunder, the CEO of WordPress security plugin Wordfence, the attack first sees the hacker send an email appearing to contain a PDF with a familiar file name.  It’s the Gmail sign-in page, right? Not quite. A closer look at the address bar will show you that all is not quite as it seems:

(Wordfence)

Unfortunately, the attack’s imitation of the Gmail sign-in page is so convincing that many users will automatically enter their login details, simultaneously surrendering them to the hackers, who can proceed to steal your data and use one of your past messages to compromise another round of Gmail users.

Protecting Yourself 

As carefully-crafted as this attack is, there’s a very simple way to defeat it. All you have to do is enable two-factor authentication in Gmail. Unless the attackers have access to that second factor — say, your phone or a USB cryptographic key — stealing your password won’t allow them to access your account.

Worryingly the scam email can appear to come from someone in a user’s own address book and copy their style of writing, making it seem genuine to the victim, reports MailOnline. The fake also sweeps easily under the radar using simple attachments you’d expect to see on an email, such as a PDF. But when the user clicks on it they are directed to phishing pages – even though they appear to be Google’s own log in page.

The fraudsters send over a message with a thumbnailed version of the attachment. When clicked, it doesn’t open the Gmail previewer. Instead, a convincing Gmail login box is displayed. It’s a trap.

Victims might not notice because of a clever trick employed by this attack. Instead of sending potential victims to a website that could be blocked by protections like Google’s SafeBrowsing system, clicking the attachment loads a full web page worth of code into the browser’s address bar.

Leave a Reply