A new phishing scam targeting Gmail users has fooled many people, including security experts, into giving up their Google credentials. The attackers use stolen Gmail credentials to log in to an account and send a malicious email from it to unsuspecting users. People fall for the trick easily because the malicious email comes from a known sender whose account has been compromised.
The malicious email contains what looks like a PDF attachment with embedded images. When the user clicks the attachment for a preview, a new tab opens and asks the user to log in to their Gmail account again. The location bar appears to show "accounts.google.com", which fools people into thinking the page is safe and authenticated, so they log in. What actually loads is a web page built from inline code, and once the sign-in has been completed the account is compromised.
"The attackers log in to your account immediately once they get the credentials, and they use one of your actual attachments, along with one of your actual subject lines, and send it to people in your contact list," said a user who experienced the scam. The fraudster then uses the victim's contacts to spread the phishing email further.
To protect your Gmail account from this phishing attack, you have to scrutinize the address bar. The trick hides in plain sight and is not easily detected.
The hackers use the data URI (data uniform resource identifier) phishing method. A "data:text/html" prefix is placed in the location bar in front of "https://accounts.google.com", so the familiar host name is really just text inside an inline HTML payload, and that payload renders the fake login page. To protect your account, make sure there is nothing in front of the host name, and do not forget to verify both the protocol (https) and the host name. You may also enable two-step verification for Gmail to blunt the attack, since the attacker would then also need the one-time code required to complete the login.
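The address-bar checks described above, written out as a small classifier. This is an added example, not code from the article or from Google: it assumes the only legitimate login host is accounts.google.com and uses the standard `URL` parser to tell a genuine `https://accounts.google.com` address apart from a `data:` URI that merely contains that string, a plain-http address, or a lookalike host. The sample address-bar contents are constructed for the demonstration.

```javascript
// Added example (not from the article): classify what the browser's address
// bar shows before Google credentials are typed into the page.
// Assumption: the only legitimate host for the Google login page is this one.
const EXPECTED_HOST = "accounts.google.com";

// Returns one of: "ok", "data-uri", "insecure-protocol", "wrong-host", "unparseable".
function classifyAddressBar(text) {
  let url;
  try {
    url = new URL(text.trim());
  } catch (e) {
    // No scheme at all, or otherwise not a URL the browser could navigate to.
    return "unparseable";
  }
  // A data: URI renders inline HTML. Anything that looks like
  // "https://accounts.google.com" after "data:text/html," is payload text,
  // not the host the browser is talking to.
  if (url.protocol === "data:") return "data-uri";
  // The genuine login page is only ever served over https.
  if (url.protocol !== "https:") return "insecure-protocol";
  // Exact host match: catches typosquats and "accounts.google.com.<attacker>" hosts.
  if (url.hostname !== EXPECTED_HOST) return "wrong-host";
  return "ok";
}

// Constructed sample address-bar contents (not real attack artifacts).
const SAMPLES = {
  genuine: "https://accounts.google.com/ServiceLogin?service=mail",
  dataUri: "data:text/html,https://accounts.google.com/ServiceLogin%20%3Chtml%3E...",
  plainHttp: "http://accounts.google.com/ServiceLogin",
  subdomainTrick: "https://accounts.google.com.login-example.test/ServiceLogin",
  typosquat: "https://accouts.google.com/ServiceLogin",
  noScheme: "accounts.google.com/ServiceLogin",
};

// Classify every sample; returns an object keyed by sample name.
function classifyAll(samples) {
  const result = {};
  for (const [name, value] of Object.entries(samples)) {
    result[name] = classifyAddressBar(value);
  }
  return result;
}

console.log(classifyAll(SAMPLES));
```

Only the `genuine` entry comes back as `ok`; the `dataUri` sample, which is the pattern this scam relies on, is flagged because the parsed scheme is `data:` regardless of what text follows the comma.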