

Here's how to stay safe from the latest phishing scam plaguing Gmail

Stay safe.

Alexandru Micu
January 18, 2017 @ 6:40 pm


A phishing scam that’s so convincing it even fooled experienced technical users is going around on Gmail, trying to get a hold of your login details.

Image credits Gerd Altmann / Pixabay.

It looks like a genuine email one of your friends sent you. There’s even an attachment — something important that he or she is sending you. When you try to download it, you’re taken to a page requesting your log-in credentials. Huh. Must be those wacky Google geeks, always working hard to improve security. You log in.

Congratulations my friend, you’ve just hacked yourself.

How to spot it

The scam is one of the most convincing ever made, and works to trick users into giving up their user credentials, thus allowing the attacker full access to their inbox. It all starts with one email containing a rogue PDF attachment. This message will come from people in your own address book and it’s extremely convincing, even copying their style of writing and to a certain extent, personal touches such as commonly used idioms or smiley faces.

Once you click on the attachment, you will be redirected to a phishing page that looks like the Google sign-in. The scam doesn’t seem to trigger Google’s HTTPS security warnings, which usually tell you that you’ve reached a shady page. Immediately after you log in, the attackers access your account and use one of your own attachments and subject lines to form a malicious email that is sent to your entire contact list.

A HackerNews user reported on the scam:

“They went into one student’s account, pulled an attachment with an athletic team practice schedule, generated the screenshot, and then paired that with a subject line that was tangentially related, and emailed it to the other members of the athletic team.”

“It may be automated or they may have a team standing by to process accounts as they are compromised.”

Thankfully, Mark Maunder of Wordfence, the company that provides security services for WordPress, discovered the scam.

“Once they have access to your account, the attacker also has full access to all your emails including sent and received at this point and may download the whole lot,” he wrote on Wordfence.

“Now that they control your email address, they could also compromise a wide variety of other services that you use by using the password reset mechanism including other email accounts, any SaaS services you use and much more.”

How not to be phished

Maunder recommends enabling two-factor authentication for your account so no one else can access it even if your credentials are compromised. He also says you should keep an eye out for “data:text/html” in the browser location bar, as it’s a clear sign of a fake page.

“You should also take special note of the green colour and lock symbol that appears on the left. If you can’t verify the protocol and verify the hostname, stop and consider what you just clicked on to get to that sign-in page.”
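The check described above (look for “data:text/html”, then verify the protocol and the hostname) can be written as a small function. This is an added example, not code from Wordfence or Google; the function name, the expected host `accounts.google.com` and the sample strings are assumptions made for illustration.

```javascript
// Added example. EXPECTED_HOST is an assumption: the host you expect to sign in on.
const EXPECTED_HOST = "accounts.google.com";

// Classify the full string copied from the location bar before typing a password.
function checkSignInLocation(addressBar, expectedHost = EXPECTED_HOST) {
  const raw = String(addressBar).trim();
  let url;
  try {
    url = new URL(raw); // WHATWG parser, the same rules a browser applies
  } catch (err) {
    return { safe: false, scheme: null, host: null,
             findings: ["not a complete URL (copy it with its scheme)"] };
  }
  const findings = [];
  if (url.protocol === "data:") {
    // A data: URI carries the page inside the link itself: there is no server,
    // no certificate and no hostname to verify.
    findings.push("data: URI, the page content is embedded in the address");
    if (raw.toLowerCase().includes(expectedHost)) {
      findings.push("expected hostname appears only as text inside the data: URI");
    }
  } else {
    if (url.protocol !== "https:") {
      findings.push(`protocol is ${url.protocol} not https:`);
    }
    if (url.hostname !== expectedHost) {
      findings.push(`hostname is ${url.hostname}, expected ${expectedHost}`);
    }
  }
  return { safe: findings.length === 0, scheme: url.protocol, host: url.hostname, findings };
}

// Constructed sample inputs (not captured from the real campaign).
const SAMPLES = [
  "https://accounts.google.com/ServiceLogin?service=mail",
  "data:text/html,https://accounts.google.com/ServiceLogin?service=mail",
  "http://accounts.google.com/ServiceLogin",
  "https://accounts.google.com.login.example/ServiceLogin",
];
for (const s of SAMPLES) {
  const r = checkSignInLocation(s);
  console.log(r.safe ? "OK  " : "STOP", s, r.findings.join("; "));
}
```

Only the first sample passes: the data: URI fails even though it contains the expected hostname, because that hostname is just text inside the address rather than the host the browser connected to.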
