Phishing attack that targets Gmail users spreading

18 Jan 2017

A dangerous phishing technique that targets Gmail users, which first surfaced about a year ago, has been spreading rapidly.

According to experts, one of the best ways to tell whether a website asking for a username and password is genuine is to look at the browser's address bar, which shows the site's true origin.

However, that simple precaution is not enough to foil the attackers behind this phishing technique.

According to Wordfence, the maker of a security plugin for WordPress, the phishing attack starts with an adversary sending an email to a target's Gmail account. The email typically comes from a person on the recipient's contact list whose own account has already been compromised.

The email carries a subject line and a screenshot or image of an attachment that the sender had used in a recent communication with the recipient. When the recipient clicks on the image, a new tab opens with a prompt asking the user to sign into Gmail again.

The fully functional phishing page is designed to look exactly like Google's Gmail sign-in page, and the browser's address bar shows accounts.google.com, leading unwary users to believe the page is harmless, Wordfence CEO Mark Maunder wrote. "Once you complete sign-in, your account has been compromised," he said.
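As an added example (not from the article or from Wordfence), the following JavaScript shows why "the address bar mentions accounts.google.com" is not the same as "the page's true origin is accounts.google.com". It assumes the lookalike address is either a data: URL or a URL whose userinfo or subdomain carries the genuine host name (an assumption about the technique, not a claim from this article), and uses the WHATWG URL class available in Node.js and browsers.

```javascript
// Added example, not the article's or Wordfence's code. Contrasts a naive
// substring check of the address bar with the origin a browser actually derives.

const GENUINE_LOGIN_HOSTS = new Set(["accounts.google.com"]);

// What a hurried user does: look for the familiar host name anywhere in the text.
function naiveLooksGenuine(addressText) {
  return addressText.includes("accounts.google.com");
}

// What the browser does: parse the address and derive scheme, host and origin.
// Returns null when the text is not a parseable URL at all.
function trueOrigin(addressText) {
  let url;
  try {
    url = new URL(addressText);
  } catch (e) {
    return null;
  }
  return { protocol: url.protocol, hostname: url.hostname, origin: url.origin };
}

// Only an https page whose *parsed* host name (not any substring of the address)
// is the genuine host counts as the real sign-in page. A data: URL has no host
// and an opaque ("null") origin, so it always fails this check.
function isGenuineLoginPage(addressText) {
  const o = trueOrigin(addressText);
  if (o === null) return false;
  return o.protocol === "https:" && GENUINE_LOGIN_HOSTS.has(o.hostname);
}

// Side-by-side result for one address-bar string.
function classify(addressText) {
  const o = trueOrigin(addressText);
  return {
    address: addressText,
    naive: naiveLooksGenuine(addressText),
    genuine: isGenuineLoginPage(addressText),
    origin: o === null ? "unparseable" : o.origin,
  };
}

// Constructed sample address-bar strings (assumed shapes, not values from the article).
const SAMPLES = [
  "https://accounts.google.com/ServiceLogin",
  "data:text/html,https://accounts.google.com/ServiceLogin?service=mail",
  "https://accounts.google.com@lookalike.example/ServiceLogin",
  "https://accounts.google.com.lookalike.example/ServiceLogin",
];

for (const s of SAMPLES) console.log(classify(s));
```

Only the first sample passes `isGenuineLoginPage`, while all four pass the naive substring check, which is exactly the gap the phishing page exploits.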

With the newly acquired Gmail credentials, the attackers log into the account, go through its sent messages and forward the booby-trapped email to other unsuspecting users.

The attack targeted not only Gmail users, but other services as well.

"The attackers log in to your account immediately once they get the credentials, and they use one of your actual attachments, along with one of your actual subject lines, and send it to people in your contact list," shared someone who had experienced the scam, Tech Times reported.