This year, a new phishing scam that takes place through your Gmail account may not be easy to spot. The scam is so well designed that even someone with computer knowledge could fall for it. A simple fake email lures users into typing in their Google account login information, giving the attacker the opportunity to compromise the account and retrieve email data.
The fake email, which contains a malicious attachment, comes in from an address in the recipient's address book, so it looks innocent and genuine: the perfect disguise.
The malicious attachment received in the victim's inbox uses a PDF look-alike image; when clicked, it redirects you to a phishing page made to appear exactly like a Google sign-in page. After you enter your information, your Google account is compromised and accessed by the attacker.
Mark Maunder, CEO of Wordfence, was the one who found the phishing scam, and he said it was so convincing that it even fooled 'experienced technical users'.
How do I protect myself against this scam?
Mark Maunder gives us this advice:
You have always been told: "Check the location bar in your browser to make sure you are on the correct website before signing in. That will avoid phishing attacks that steal your username and password."
To protect yourself against this (attack), you need to change what you are checking in the location bar.
On this particular phishing page, the location bar will contain 'data:text/html,' instead of 'https://accounts.google.com', and if you aren't paying close attention you will assume the page is safe and go on to enter your information.
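The location-bar check described above, written out as an added example (not code from Wordfence or from this article): it takes the full address copied from the location bar and accepts it only when the scheme is https and the origin is exactly https://accounts.google.com. The function name and the sample addresses are constructed, and the origin comparison goes slightly beyond the article's data: case by rejecting any other scheme or host as well.

```javascript
// Expected sign-in origin, taken from the article.
const EXPECTED_ORIGIN = 'https://accounts.google.com';

// Hypothetical helper: decide whether the full address copied from the
// location bar really belongs to the expected sign-in origin.
function checkSignInLocation(fullAddress) {
  let url;
  try {
    // The WHATWG URL parser normalises case and strips default ports.
    url = new URL(fullAddress.trim());
  } catch (err) {
    return { safe: false, reason: 'not a parseable absolute URL' };
  }
  // The case the article warns about: the address starts with data:text/html,
  // so the page content is carried in the address itself, not served by Google.
  if (url.protocol === 'data:') {
    return { safe: false, reason: 'data: URI, not a web address' };
  }
  if (url.protocol !== 'https:') {
    return { safe: false, reason: 'unexpected scheme ' + url.protocol };
  }
  // Compare the whole origin, never a substring: the expected host name
  // appearing somewhere inside the address proves nothing.
  if (url.origin !== EXPECTED_ORIGIN) {
    return { safe: false, reason: 'origin is ' + url.origin };
  }
  return { safe: true, reason: 'scheme and host match ' + EXPECTED_ORIGIN };
}

// Constructed sample addresses (not captured from a real incident).
const samples = [
  'https://accounts.google.com/ServiceLogin',
  'data:text/html,https://accounts.google.com/ServiceLogin',
  'https://accounts.google.com.example.net/ServiceLogin',
  'http://accounts.google.com/ServiceLogin',
];
for (const s of samples) {
  const r = checkSignInLocation(s);
  console.log((r.safe ? 'OK    ' : 'REJECT') + ' ' + s + ' (' + r.reason + ')');
}
```
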
Believe it or not, this attack has caught many beginner and experienced users off guard.
Don't be a victim.