Beware! New Gmail Phishing Attack Gaining Steam! How To Stay Safe?
Hackers have reportedly devised a new phishing method which seems to be tricking even the most experienced and tech savvy users into revealing their account details.
Gmail phishing is one of most common methods used by hackers to compromise the online security of naive users. To counter this attack, users should make sure to verify the https:// protocol and hostname in the address bar.
A phishing attack happens when someone tries to trick you into sharing personal information online. By doing so, one can access our personal identifying information, take control of our online accounts, and whatnot.
The highly effective phishing campaign seems to be running on a sophisticated automation feature that pounces on newly compromised Gmail accounts to mount a secondary attack on users in the contact list.
Once hackers have taken over a Gmail account, they launch their secondary attack by sending out emails disguised under recently sent attachments and a relevant subject line. The email comes with a subject header and a screenshot or image of an attachment that the sender has used in a recent communication with the recipient. When the recipient clicks on the image, a new tab opens with a prompt asking the user to sign into Gmail again.
The fully functional phishing page is designed to look exactly like Google’s page for signing into Gmail. The address bar for the page includes mention of accounts.google.com, leading unwary users to believe the page is harmless, Once you complete sign-in, your account has been compromised.
How To Avoid phishing attacks
Be careful anytime you get an email from a site asking for personal information. If you get this type of email:
- Don’t click any links or provide personal information until you’ve confirmed the email is real.
- If the sender has a Gmail address, report the Gmail abuse to Google.
Note: Gmail won’t ever ask you for personal information, like your password, over email.
When you get an email that looks suspicious, here are a few things to check for:
- Check that the email address and the sender name match.
- Check if the email is authenticated.
- Hover over any links before you click on them. If the URL of the link doesn’t match the description of the link, it might be leading you to a phishing site.
- Check the message headers to make sure the “from” header isn’t showing an incorrect name.
Important: If you think your Gmail address has been taken over, recover your compromised Gmail account before sending or opening any other emails.