Better watch out for your credentials, folks, because there’s a new scammer in the neighborhood. According to Google, a new type of Gmail phishing scam has been discovered. What’s even worse is that even the experts had a hard time telling if it’s legit or not. Google declared that, for the time being, we should keep a close eye on our Gmail accounts and refrain from opening any e-mail with attachments from unknown sources.
If you’ve been complaining that life on the great World Wide Web has become boring, then here’s something that might give you that much-needed wake-up call. According to an online security report received by Google back in January, it would appear that several Gmail users have been tricked into disclosing their account’s credentials.
What is it this time, you ask? Someone calling over the phone to tell you that you’ve won a smartphone, or maybe one of those flashy messages informing you that you’ve just won a truckload of money for being the 100th client? Well, nothing like that, according to Google.
So, what is it then? Google said that the unsuspecting user usually receives an e-mail containing an attachment. The Gmail phishing scam is so cleverly disguised that the user actually believes that it comes from a legit source. After opening the bogus e-mail, the user will have a couple of attachments, usually MS-Word documents.
Now, upon clicking the documents, the browser will redirect you to what appears to be a legitimate Gmail sign-in page. Naturally, to be able to access the attachments, the page will ask you to type in your username and your password. After hitting the sign-in button, it’s bye-bye credentials.
Google said that the Gmail phishing scam looks totally legit apart from one thing – its link. So, one way to see if the mail is legit or not is to take a closer look at the link. If it’s something like https://example, then it’s safe. However, the bogus e-mails which hide the data-stealing pages usually have a data URI, that is, a link that starts with data:text/html.
As for the attachments, Google said that there are no documents inside these e-mails, only page-redirect buttons masquerading as Microsoft Office documents.
So, what’s to be done? First of all, don’t open any e-mails from unknown sources. Second, take a look at its link – if it’s a data URI, don’t open it. Last, but not least, be sure to use Google’s Chrome to open your Gmail account. Google said it recently updated its security protocols in order to flag potential Gmail phishing scams.
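The link check described above can also be run automatically over an e-mail's HTML body before anyone clicks. The following Python sketch is an added example, not code from Google or from the report; the function names, verdict labels and the sample body are assumptions made for illustration. It normalizes each URL roughly the way a browser would (so odd capitalization or stray whitespace does not hide the scheme) and flags any link whose scheme is data, while letting ordinary inline images through.

```python
import re
from html.parser import HTMLParser

URL_ATTRS = {"href", "src", "action", "formaction"}   # attributes that carry a URL
SCHEME_RE = re.compile(r"^([a-z][a-z0-9+.\-]*):", re.IGNORECASE)
C0_AND_SPACE = "".join(chr(c) for c in range(0x21))

def normalize(url):
    """Approximate browser URL cleanup: trim control chars/spaces, drop tab/CR/LF."""
    return re.sub(r"[\t\r\n]", "", url.strip(C0_AND_SPACE))

def classify(tag, url):
    """Return (scheme, verdict) for one URL found on the given tag."""
    url = normalize(url)
    match = SCHEME_RE.match(url)
    if not match:
        return "(none)", "review"
    scheme = match.group(1).lower()
    if scheme == "data":
        media = re.split(r"[;,]", url[5:], maxsplit=1)[0].strip().lower()
        if tag == "img" and media.startswith("image/"):
            return scheme, "inline-image"      # embedded picture, not a destination
        return scheme, "data-uri-link"         # the pattern the article warns about
    return scheme, "ok" if scheme == "https" else "review"

class LinkAudit(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []                     # (tag, attribute, scheme, verdict)

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in URL_ATTRS and value:
                self.findings.append((tag, name) + classify(tag, value))

def audit_links(html_body):
    parser = LinkAudit()
    parser.feed(html_body)
    parser.close()
    return parser.findings

# Constructed sample body: the "attachment" is an image wrapped in a data: link.
SAMPLE_BODY = """
<p>Please see the attached document.</p>
<a href="https://example.com/inbox">Open inbox</a>
<a href=" DaTa:text/html,CONSTRUCTED-PLACEHOLDER">
  <img src="data:image/png;base64,AAAA" alt="report.docx"></a>
"""

if __name__ == "__main__":
    for finding in audit_links(SAMPLE_BODY):
        print(finding)
```

A mail gateway or triage script could quarantine any message for which audit_links returns a data-uri-link verdict; the "ok" verdict only means the scheme is https, not that the destination is trustworthy.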