A Highly Effective Phishing Technique Exploited By Google

According to the Google analysis, a corporate email account is likely to receive the malware, phishing and spam emails than a personal inbox. The Gmail service of Google’s has more than 1 billion active System users and the company says it blocks the hundreds of billions of attacks aimed at these accounts. A new highly effective phishing scam has been identified by the security researchers that targets the Gmail and other services. Newly detected phishing attack has been gaining popularity in the past few months and reportedly hitting other services involving the clever trick.

How does the swindle work?

The attacker usually sends an email to your Gmail account which disguised as a trusted contact. That email may include an image of an attachment or PDF that come from the unknown senders. Nothing seemingly out of the ordinary. But actually, the attachment is an embedded image has been crafted to look like a PDF. When you click on the image, it will lead you to fake Google login page rather than reveal a preview of the document. Now, here the scam gets really devious. Everything on this sign in page looks authentic including the username and password entry fields, the logo of Google and the tag-line. With these indications, the page looks like real except for one clue that is the browser’s address bar.

The text still includes the “https://accounts.google.com,” an URL that seems legitimate. But there is a problem that URL is preceded by the prefix “data: text/html.” This text is known as a “data URL” not URL which embeds a file. If you were zoomed out on the address bar then you would find a long string of characters and a strip that serves up a file designed to look like a Gmail Login page.

Once you complete the sign-in process after entering the username and files, the cyber hackers capture your details. To make worse, they immediately explore the compromised account and prepare to launch next bombardment. After gaining access to the attack, the remote attacker has full access to your all emails such as received and sent emails.

Know how to protect yourself against Phishing attack

Always check the address bar and making sure a green lock symbol appears before entering the personal data.

  1. Convert the HTML email into text-only email message
  2. Keep your all System programs, latest security patches etc updated.
  3. Deploy a SPAM filter that detects the blank senders, viruses, spam email etc.
  4. Develop a System security policy
  5. Add the layer of security that can help prevent account takeovers.

Leave a Comment

Your email address will not be published. Required fields are marked *