Gmail phishing scam is even fooling tech-savvy users

August 5, 2018

If you use Gmail, you should be aware of a new phishing scam that’s fooling even some of the most tech-savvy users.

The scheme involves a hacker sending their targets an email that includes an attachment, according to security expert Mark Maunder, the CEO of WordPress security plugin Wordfence.

When you click on it, you’re directed to what looks like a Gmail login page, according to Fox News.

But that page is a fake.

If a user enters their email and password, they’re giving their login credentials to hackers who then have complete access to their Gmail accounts.

Sounds easy enough to avoid, right? Not exactly.

The email looks like it comes from a user’s contact. It may even have a subject line that looks authentic. The hackers, who’ve likely compromised that contact’s account, will even rename the attachment to something that appears plausible.

Once the account is compromised, scammers will use the account’s contacts to send more emails in attempts to obtain new login credentials.

Even the URL redirecting users to log in to their Google account looks authentic.

To combat this tactic, security experts say Gmail users should enable two-factor authentication, which gives you an extra layer of security. Unless the scammers have access to your phone, they won’t have the access code to get into your account.

Users should look for the “lock” icon next to the address bar denoting a secure website. While it’s not a foolproof method because scammers sometimes host their pages on secure servers, it’s a commonsense step to take.

If you think you’ve already fallen for the scam, you should change your Gmail password immediately.

Google said it’s aware of the problem and is working to protect its users’ accounts.

“We’re aware of this issue and continue to strengthen our defenses against it,” the company said in a statement.

“We help protect users from phishing attacks in a variety of ways, including: machine learning based detection of phishing messages, Safe Browsing warnings that notify users of dangerous links in emails and browsers, preventing suspicious account sign-ins, and more. Users can also activate two-step verification for additional account protection.”
