Gmail Phishing Scam: What to do if you've been duped and what steps to take next
A recent phishing attack on Gmail accounts has hoodwinked scores of users, even those who normally don't fall victim to such scams.
It not yet known whether the scam itself is the product of sophisticated automation technology or a team of individuals, but, according to Forbes, security researchers warn this is a highly sophisticated and effective attack, and users should do everything they can to protect their accounts.
The scam
Though the scam is difficult to detect, there are ways to know it when you see it. If you get an attachment from a contact you know that opens onto a login page, be suspicious.
Once a user is targeted, the criminals use the user's contacts to find a way into other accounts. After they have one person's password and account information, they are seeking two things:
• An attachment that was previously sent by the user
• A relevant subject line that can be used to lure in contacts
Then, the scammer sends out an email with the attachment and the subject line from the compromised user to as many of their contacts as possible. When a person receives the email, it will appear as though someone they know is sending an important attachment. The subject line sounds legit and so many individuals open the attachment.
Instead of opening the Gmail previewer, though, a login box appears, looking just like the regular Google login. There are only a few ways you can tell something fishy is going on.
You get the "One Account. All of Google." message, and everything looks right. But if you glance up at the address bar, you can see the phrase "data:text/html," before "https://accounts/google.com." Indeed, the address isn't an address at all: it's a complicated line of code, and once you put your login information in, it's up for grabs.
How do I avoid the attack on my Gmail account?
The best way to avoid the scam is to enable two-factor authentication (2FA). However, Security Week claims there's a possibility the hackers could still identify your 2FA code if they're able to quickly get your password.
The best way to avoid the scam is remaining vigilant and carefully checking the attachments that are sent to you. Did you already get an attachment like it, or does the message seem a bit out of the blue? When you open the attachment, does it take you to a login screen or another website? If it does, don't input your information.
Mail Guard suggests double-checking the URL of any websites asking for your login info and being wary of attachments sent unexpectedly, even from someone you know.
What if I've already been attacked?
If you think you've already fallen for the scam, change your Gmail password immediately. Then, go to your Google account activity page and review all your current sessions. If you notice sessions that seem suspect or that aren't associated with any of your devices, kick them off.
What is Google doing to protect accounts?
Security Week states Google has been aware of this scam since March. The Chrome security team is discussing possible options to help protect accounts, such as adding a tag reading "Not Secure" to the address bar of URLs that begin with data; and blob;.