Article by Domain Support
A seriously deceptive phishing scam is targeting Gmail users, one that, according to The Hacker News, is “so convincing and highly effective that even tech-savvy people can be tricked into giving away their Google credentials to hackers.” If you have not turned on two-factor authentication, you could easily be hooked by this phishing scam without ever knowing you have handed your login credentials to a hacker.

How does this phishing scam work? The hackers first have to fool someone with a Gmail account into logging in to a fake Google Account sign-in screen. Once they have compromised one Gmail account, they have everything they need to deceive everyone listed in that account's contacts by sending an email that pretends to come from someone the recipient knows, carrying a deceptive attachment. The hackers go through the compromised account's mail, find any message that was sent with an attachment (e.g., a PDF), and then send “image attachments that masquerade as a PDF file with a thumbnailed version of the attachment. Once clicked, victims are redirected to phishing pages, which disguise as the Google sign-in page. But it’s a TRAP!” Unwary Gmail users will readily log in and hand the hacker their password. The sign-in page is so deceptive that even the URL appears to be Google's, but it is not. With your password in hand, the hackers can log in to your Gmail account and keep the scam going, working through more contacts and picking out the ones that have sent PDFs to their friends. The number of Gmail accounts compromised by this method is unknown at this time.

As Fortune puts it, “Everything about this sign-in page looks authentic: the Google logo, the username and password entry fields, the tagline (“One account. All of Google.”). By all indications, the page is a facsimile of the real thing. Except for one clue: the browser’s address bar. Even there, it can be easy to miss the cue. The text still includes the “,” a URL that seems legitimate. There’s a problem though; that URL is preceded by the prefix “data:text/html.”” You can watch this short video that explains how to know whether you are on a fake Google Account sign-in screen:
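The address-bar clue above is the one thing the fake page cannot hide, and it is worth being precise about why a "does it contain google.com" glance is not enough. The following is an added example, not code from the article or from Google: a small checker that classifies address-bar text the way a careful user (or a browser extension) should, treating any data: URL as attacker-controlled content and otherwise comparing the parsed origin against the assumed legitimate sign-in origin https://accounts.google.com. The sample strings are constructed.

```javascript
// Added example (not from the article). Classifies the text shown in a
// browser's address bar before Google credentials are typed into a page.
// Assumption: the only legitimate sign-in origin is https://accounts.google.com.
const LEGIT_SIGNIN_ORIGIN = "https://accounts.google.com";

function classifyLoginUrl(addressBarText) {
  const text = addressBarText.trim();

  // A data: URL renders inline HTML supplied by whoever built the link.
  // Any hostname that appears inside it is just text, never the page origin,
  // so this is exactly the "data:text/html" prefix the article describes.
  if (text.toLowerCase().startsWith("data:")) {
    return { verdict: "phishing",
             reason: "data: URL renders inline HTML; hostname text inside it is not the origin" };
  }

  let url;
  try {
    url = new URL(text);
  } catch (e) {
    return { verdict: "suspicious", reason: "address bar text is not a parseable URL" };
  }

  if (url.protocol !== "https:") {
    return { verdict: "suspicious", reason: `scheme is ${url.protocol} rather than https:` };
  }

  // url.origin is scheme + host (+ port) only, so look-alike hosts such as
  // accounts.google.com.example.test or a google.com string in the path fail here.
  if (url.origin !== LEGIT_SIGNIN_ORIGIN) {
    return { verdict: "suspicious", reason: `origin ${url.origin} is not ${LEGIT_SIGNIN_ORIGIN}` };
  }
  return { verdict: "ok", reason: "https origin matches the Google sign-in host" };
}

// Constructed samples: the first has the shape the article warns about.
const SAMPLES = [
  "data:text/html,https://accounts.google.com/ServiceLogin",
  "https://accounts.google.com/ServiceLogin?service=mail",
  "https://accounts.google.com.example.test/ServiceLogin",
  "http://accounts.google.com/ServiceLogin",
];

for (const s of SAMPLES) {
  const r = classifyLoginUrl(s);
  console.log(`${r.verdict.padEnd(10)} ${s}  (${r.reason})`);
}
```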

So if you have turned on two-factor authentication, then even though the hackers have your password, they cannot access your account unless they have stolen your mobile phone as well. That is why Connectech recommends turning on two-factor authentication.