Gmail phishing: Latest cyber attack infects users by mimicking past emails
A sophisticated new phishing technique that composes convincing emails by analysing and mimicking past messages and attachments has been discovered by security experts.
Discovered by Mark Maunder, the CEO of WordPress security plugin Wordfence, the attack first sees the hacker send an email appearing to contain a PDF with a familiar file name.
That PDF, however, is actually a cleverly disguised image that, when clicked, launches a new tab that looks like this:
It’s the Gmail sign-in page, right? Not quite. A closer look at the address bar will show you that all is not quite as it seems:
Unfortunately, the attack’s imitation of the Gmail sign-in page is so convincing that many users will automatically enter their login details, simultaneously surrendering them to the hackers, who can proceed to steal your data and use one of your past messages to compromise another round of Gmail users.
In an example described by a commenter on Hacker News, the hackers emailed a link disguised as an athletics practice schedule from one member of the team to the others.
“The attackers log in to your account immediately once they get the credentials, and they use one of your actual attachments, along with one of your actual subject lines, and send it to people in your contact list,” added the commenter.
Impressive as the attack is, there are ways to protect yourself.
The most obvious giveaway is that the legitimate Gmail sign-in page’s URL begins with a lock symbol and ‘https://’ highlighted in green, not ‘data:text/html,https://’. However, if you hit the address bar, you’ll also see that the fake page’s URL is actually incredibly long, with a white space sneakily hiding the majority of the text from view. Maunder also recommends enabling two-factor authorisation on Gmail, which you can do here.