Alert issued for Gmail phishing scam

Google is warning Gmail users to activate two-step verification to protect their accounts after the discovery of what is being called a highly effective phishing technique targeting Gmail and other services that tricks recipients into giving away their login credentials.

The technique, which spoofs a Google address, has been used for several months but got attention last week with the publication of an alert from WordFence, which makes a WordPress security plug-in. Briefly, an attacker sends an email to the target’s Gmail account that appears to come from someone the recipient knows but whose account has been hacked. The email includes what appears to be an image of an attachment.

When the target clicks on the image, a new tab opens and the recipient is seemingly prompted by Gmail to sign in again. If the target looks at the URL bar they might see something that includes accounts.google.com, which makes the page look legitimate — like this:

(Image from WordFence)

Having captured the target’s login, a process is started where malware grabs names in the contact list and emails the message to them — and the attacker has access to all of the recipients’ mail.

In a statement Tuesday a Google official said: “We’re aware of this issue and continue to strengthen our defenses against it. We help protect users from phishing attacks in a variety of ways, including: machine learning based detection of phishing messages, Safe Browsing warnings that notify users of dangerous links in emails and browsers, preventing suspicious account sign-ins, and more.”

This technique isn’t only being used for Gmail, and can be used on any messaging platform. One of the first warning signs is an application that asks a user to sign in a second time.

WordFence warns people that a better warning is right in front of the user: instead of the URL starting with “https…”, it starts with “data:text….”

CISOs should warn employees that when signing into ANY service they should check the browser location bar: verify the protocol first, then verify the hostname. It should look like this in Chrome when signing into Gmail or Google:

Gmail phishing secure URI example
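The two checks above (protocol first, then hostname) applied to a few constructed address-bar strings, including a data: URI of the kind the phishing page uses. This is an added example, not code from the article, WordFence or Google; the list of expected sign-in hosts and the sample strings are assumptions made for the illustration.

```javascript
// Added example: check what is in the browser location bar the way the
// article advises -- protocol first, then hostname. Uses the WHATWG URL
// parser that Node.js and browsers expose as the global `URL`.

// Hostnames we expect to see when signing in to Google. This list is an
// assumption for the example, not a Google-published one.
const EXPECTED_SIGNIN_HOSTS = new Set(["accounts.google.com"]);

// Returns { ok: boolean, reason: string } for the text in the location bar.
function checkSignInUrl(locationBarText) {
  let url;
  try {
    url = new URL(locationBarText.trim());
  } catch (e) {
    return { ok: false, reason: "not a parseable URL" };
  }

  // Step 1: protocol. A data: URI has no host at all; the browser renders a
  // document that is embedded in the address itself, so anything after
  // "data:" (including a familiar-looking Google URL) is just page content.
  if (url.protocol === "data:") {
    return { ok: false, reason: "data: URI - page is embedded in the address, not served by a host" };
  }
  if (url.protocol !== "https:") {
    return { ok: false, reason: `protocol is ${url.protocol}, expected https:` };
  }

  // Step 2: hostname. Compare the parsed host exactly; a substring match
  // ("contains accounts.google.com") would accept lookalike domains.
  if (!EXPECTED_SIGNIN_HOSTS.has(url.hostname.toLowerCase())) {
    return { ok: false, reason: `hostname is ${url.hostname}, not an expected sign-in host` };
  }
  return { ok: true, reason: "https and expected hostname" };
}

// Constructed sample address-bar strings for the demonstration.
const SAMPLES = {
  legitimate: "https://accounts.google.com/ServiceLogin?service=mail",
  // Looks like it "includes accounts.google.com", but the scheme is data:
  dataUri: "data:text/html,https://accounts.google.com/ServiceLogin?service=mail   [embedded page content]",
  // Exact-host comparison rejects this; a substring check would not.
  lookalike: "https://accounts.google.com.example.net/ServiceLogin",
  plainHttp: "http://accounts.google.com/ServiceLogin",
};

for (const [name, text] of Object.entries(SAMPLES)) {
  const r = checkSignInUrl(text);
  console.log(`${name.padEnd(10)} ${r.ok ? "OK " : "BAD"} ${r.reason}`);
}
```

The order matters: a data: URI is rejected before any hostname comparison happens, which is exactly why the article says to read the protocol before looking for a familiar domain name further along the address.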

Enabling two-factor authentication in any messaging app will also help if the user has made a mistake.

That green coloured “https” is another sign things are all right. This is what a URL bar looks like if things are bad:

WordFence also notes that if you use Gmail, you can check your login activity to find out if someone else is signing into your account by going to https://support.google.com/mail/answer/45938?hl=en. Scroll to the bottom of your inbox and click “Details” (very small in the far lower right hand corner of the screen). This will show all currently active sessions as well as recent login history. If there are active logins from unknown sources, you can force close them. If you see any logins in your history from places you don’t know, you may have been hacked.

Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com