Saturday, 21 January 2017

Gmail phishing: Latest Cyber Attack

Email phishing isn't going to die anytime soon. Scammers, cyber attackers and hackers are getting smarter with each passing day, and they keep evolving new ways of convincing people that their mails are genuine. A new, sophisticated phishing technique is in vogue in which hackers compose highly convincing emails for the targeted users. In this technique, the target's past messages and attachments are analyzed before the mail is composed, so that it looks original and normal and urges the user to click and divulge critical information.

The Gmail-phishing trend

This particular phishing trend was uncovered by Mark Maunder, the CEO of Wordfence, a security plugin for WordPress. In this evolved kind of phishing attack, the hacker first sends an email that appears to the user as a normal mail containing a PDF, with a file name similar to one the user has seen earlier.

Another gruesome thing about this PDF is that it contains a carefully disguised image which, when clicked by the user, launches a new tab that looks just like the official Gmail log-in page. It is extremely tough for a normal user to spot the minute details which reveal that it isn't the real Gmail sign-in page. This can only be found by looking closely at the address bar, which reveals a script running right there.

So real, so convincing

As stated earlier, it is extremely difficult for anyone to find flaws in the webpage design, which results in targeted users entering their log-in details without a second thought. Once a user has entered the details, hackers can use them to gain access to the account to steal data, or simply to forward a mail to other recipients from that very same account. In one such incident, hackers successfully hoodwinked an athlete into believing that their mail and link led to the true Gmail sign-in page.

They then used his account's log-in details to send similar mails to other athletes in the team, and within a short time the whole team's emails and data were compromised. Hackers don't waste much time after getting the log-in details. They use the target user's email account to send out multiple mails, with the user's actual subject lines, to other people in the contact list.

How to protect yourself from such phishing attack

There are some smart ways to outwit the hackers and stay safe from such attacks. One should always check the address of the page that opens after clicking a link in any kind of email. In this case the legitimate Gmail page has an address starting with 'https://', while the phishing link's address starts with 'data:text/html,https://'. This clearly shows that the link leads to a fake copy of Gmail's sign-in page, and the address is also unusually long. The best way to secure your Gmail account is to enable two-factor authentication on Gmail, wherein users have to enter not just their ID and password but also a passcode sent to their mobile device to get into their email account.
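The address check described above, written out as an added example (it is not code from the original post or from Wordfence). It assumes `accounts.google.com` is the legitimate sign-in host; the function name and the sample addresses are constructed for illustration.

```javascript
// Assumption: the one host on which a Google password may be typed.
const TRUSTED_SIGNIN_HOSTS = new Set(['accounts.google.com']);

// Decide whether an address-bar string is a page where credentials may be entered.
function checkSignInAddress(raw) {
  const address = String(raw).trim();
  const m = /^([a-z][a-z0-9+.-]*):/i.exec(address);
  if (!m) return { ok: false, reason: 'no-scheme' };
  const scheme = m[1].toLowerCase();

  if (scheme === 'data') {
    // A data: URI carries the whole page inline. Everything after the comma
    // is page content, so an "https://..." there is decoration, not a location.
    const comma = address.indexOf(',');
    const payload = comma === -1 ? '' : address.slice(comma + 1);
    const decoy = /^\s*https?:\/\//i.test(payload);
    return { ok: false, reason: decoy ? 'data-uri-with-decoy-url' : 'data-uri' };
  }
  if (scheme !== 'https') return { ok: false, reason: 'not-https' };

  let url;
  try { url = new URL(address); } catch { return { ok: false, reason: 'unparseable' }; }
  // Compare the parsed host, never a substring: the trusted name can also
  // appear in the userinfo part or as a label of an unrelated domain.
  if (url.username || url.password) return { ok: false, reason: 'userinfo-present' };
  if (!TRUSTED_SIGNIN_HOSTS.has(url.hostname)) return { ok: false, reason: 'untrusted-host' };
  return { ok: true, reason: 'trusted-https-host' };
}

// Constructed sample addresses (not captured from a real campaign).
const SAMPLES = [
  'https://accounts.google.com/ServiceLogin?service=mail',
  'data:text/html,https://accounts.google.com/ServiceLogin?service=mail',
  'data:text/html;base64,PGh0bWw+',
  'http://accounts.google.com/ServiceLogin',
  'https://accounts.google.com.login.example/ServiceLogin',
  'https://accounts.google.com@login.example/',
];

for (const s of SAMPLES) {
  const r = checkSignInAddress(s);
  console.log(`${r.ok ? 'OK    ' : 'REJECT'} ${r.reason.padEnd(24)} ${s.slice(0, 60)}`);
}
```

Only the first sample is accepted; the second is the case from this post, where the familiar `https://` text sits inside a `data:` address.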
