Dangerous Gmail Phishing Attack

Posted on by January 18, 2017

Published January 12, 2017 at 03:02 PM EST
Updated January 18, 2017 at 10:42 PM EST
— Added update notice regarding WordFence’s article.

Hi all.  I wanted to let you know about a dangerous and highly effective Gmail Phishing attack that’s been circulating around.  It’s very tricky and works even on technically savvy users.  Also, even though it’s targeted toward Gmail users, it could probably be adapted to other platforms such as Facebook, etc.

This could apply to you or your friends.  It’s complicated, but as I understand it, you get an email from a friend (who was hacked).  It has a thumbnail image which you click to see.  The image may look familiar and be appropriate to the sender or even be something you know the sender would have.  Your browser pops up and asks you to login to Gmail, which is fake, but you don’t know it.  Even a cursory glance at the address bar shows google.com, as you would expect.  If you complete the sign in procedure, the hackers take over your account.  Then the hackers possibly lock you out of your account and definitely use it to hack your friends as well, using your contact list and your attachments.  They can also access your entire email history and use your Gmail account for password resets on other sites.

Much more detail is shown in the blog post where I got this info over at WordFence.  Even though WordFence is a WordPress specific plugin, this info is relevant to a much wider audience.  WordFence has added an update at 11:30pm on Tuesday January 17th.

https://www.wordfence.com/blog/2017/01/gmail-phishing-data-uri/

If you receive such an email from your friends or associates, be very suspicious.  If something pops up and asks you to login, look for “https://” at the far LEFT of the address bar in your browser, followed by the site name (ie google.com) of the site you’re being asked to login to.  Also, consider whether a login screen is appropriate, ie, are you already logged in?  If you think you’re about to be hacked, do not enter data in the login screen.  Immediately close your browser.  If you think you’ve been hacked, and if you still can, close all your browsers, reopen one, and login to Gmail (or other relevant account) the normal way and immediately change your password.

Consider adding 2 factor authentication to your account.  See other articles on my site about that.:

https://techstarship.com/category/2fa/

Good luck and stay safe.

Ron