19 Jan 2017
There’s a new phishing scam going around aimed at stealing your Gmail password. The scary thing is that even computer security pros are falling for it.
Gmail is by far the most popular service for email, clocking in at over a billion active monthly users. Gmail is popular for a number of reasons, not least of which is that it’s free. It also has particularly good spam filtering and was created by Google, so it integrates very easily with other Google services, including Android phones.
This new phishing scam is a variation of an old theme. You receive an email from someone in you know because that person’s account was compromised already and the hackers have access to their contact list. That email has a PDF attachment, but the attachment area is actually an image with a link to a phony website. The trick to it is that when you click the attachment area for a preview of the document, you’re actually taken to a phony website that looks like a Google page and prompts you to log in again to view the document. When you log in on that page, you’re giving your login info to the hacker.
There are a few measures this trick takes to make it even harder to detect. The phony login page looks like a legitimate Google page. In fact, the link, at a glance, appears to be a legitimate link as well. If you look at the URL in the address bar, you’ll see data:text/html,https://accounts.google.com and so forth. You need t omake sure there’s nothing before the https part, and that there’s a lock symbol, a hallmark of a legitimately secure website.
The most important thing to do is to make sure you’re noting the URL. If you have accidentally fallen for this scam, make sure you change your password immediately.