Gmail phishing: Latest cyber attack infects users by mimicking past emails
The incredibly clever technique involves a fake but convincing and functional Gmail sign-in page
Your support helps us to tell the story
From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.
At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.
The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.
Your support makes all the difference.A sophisticated new phishing technique that composes convincing emails by analysing and mimicking past messages and attachments has been discovered by security experts.
Discovered by Mark Maunder, the CEO of WordPress security plugin Wordfence, the attack first sees the hacker send an email appearing to contain a PDF with a familiar file name.
That PDF, however, is actually a cleverly disguised image that, when clicked, launches a new tab that looks like this:
It’s the Gmail sign-in page, right? Not quite. A closer look at the address bar will show you that all is not quite as it seems:
Unfortunately, the attack’s imitation of the Gmail sign-in page is so convincing that many users will automatically enter their login details, simultaneously surrendering them to the hackers, who can proceed to steal your data and use one of your past messages to compromise another round of Gmail users.
In an example described by a commenter on Hacker News, the hackers emailed a link disguised as an athletics practice schedule from one member of the team to the others.
“The attackers log in to your account immediately once they get the credentials, and they use one of your actual attachments, along with one of your actual subject lines, and send it to people in your contact list,” added the commenter.
Impressive as the attack is, there are ways to protect yourself.
The most obvious giveaway is that the legitimate Gmail sign-in page’s URL begins with a lock symbol and ‘https://’ highlighted in green, not ‘data:text/html,https://’. However, if you hit the address bar, you’ll also see that the fake page’s URL is actually incredibly long, with a white space sneakily hiding the majority of the text from view.
Maunder also recommends enabling two-factor authorisation on Gmail, which you can do here.
“We're aware of this issue and continue to strengthen our defenses against it,” Google said in a statement after this article was published.
“We help protect users from phishing attacks in a variety of ways, including: machine learning based detection of phishing messages, Safe Browsing warnings that notify users of dangerous links in emails and browsers, preventing suspicious account sign-ins, and more. Users can also activate two-step verification for additional account protection.”
Join our commenting forum
Join thought-provoking conversations, follow other Independent readers and see their replies
Comments