WARNING: Has your Gmail been hacked? New phishing scam is frighteningly convincing


Security experts are warning about a new phishing scam which is tricking Gmail users into handing over their login credentials.

Scammers are targeting users of Google’s email service with a new and highly sophisticated phishing technique.

The convincing scam sees cyber criminals attempt to fool users into clicking on fake links, which are then used to help steal private information such as online passwords and banking details.

The scam was detected by online security firm Wordfence, which explained how the scam works in a post on their website.

According to Wordfence, victims are sent an email to their Gmail account, which includes an attached image or PDF file. The email may even appear to come from a company or organisation they recognise or have had recent correspondence with.

When the link is clicked, it opens up a new page that very closely resembles the Gmail login page, where users are then asked to sign into their account.

Image: Wordfence

However, the spoof page is a portal for hackers to steal the victim’s username and password – giving them full access to the account.

Unfortunately, the fake login page is so convincing that scores of users have already fallen victim to the scam.

One victim told the Hacker News that he was fooled after the hackers sent him an email disguised as a schedule for athletics practice, which had been sent from one of his team members, who had earlier been hacked.

“The attackers log in to your account immediately once they get the credentials, and they use one of your actual attachments, along with one of your actual subject lines, and send it to people in your contact list,” the victim explained.

While the attack is convincing, there are ways you can protect yourself in order to avoid becoming a victim.

One thing to look out for is the web address. Gmail’s legitimate login page begins ‘https://’ and is highlighted in green, whereas the URL of the scam page begins ‘data:text/html,https://’.
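The address check described above can be expressed in code. The following is an added example, not code from Wordfence or from the original article: it shows why looking for a familiar ‘https://’ string anywhere in the address is not enough, and why the address has to be judged by its actual scheme and host. The host name accounts.google.com, the function names and the sample addresses are assumptions made for this sketch, and the look-alike host case goes slightly beyond the single ‘data:’ case the article describes.

```javascript
// Added example: a naive substring check beside a parsed-URL check.
// EXPECTED_HOST is an assumption for this sketch (Google's sign-in host).
const EXPECTED_HOST = "accounts.google.com";

// Weak check: only asks whether the familiar text appears somewhere.
function naiveLooksLikeGoogle(address) {
  return address.includes("https://" + EXPECTED_HOST);
}

// Stronger check: parse the address, then judge it by scheme and host.
function classifyAddress(address) {
  let url;
  try {
    url = new URL(address.trim());
  } catch (e) {
    return { ok: false, reason: "unparseable address" };
  }
  if (url.protocol === "data:") {
    // The page content is carried inside the address; no server is named.
    return { ok: false, reason: "data: URI, not a web address" };
  }
  if (url.protocol !== "https:") {
    return { ok: false, reason: "scheme is " + url.protocol + ", not https:" };
  }
  if (url.hostname !== EXPECTED_HOST) {
    return { ok: false, reason: "unexpected host " + url.hostname };
  }
  return { ok: true, reason: "https scheme and expected host" };
}

// Constructed sample addresses for illustration only.
const SAMPLES = [
  "https://accounts.google.com/ServiceLogin?service=mail",
  "data:text/html,https://accounts.google.com/ServiceLogin?service=mail",
  "https://accounts.google.com.example.net/ServiceLogin",
  "http://accounts.google.com/ServiceLogin",
];

// Run both checks over every sample so the difference is visible.
function report() {
  return SAMPLES.map((address) => ({
    address,
    naive: naiveLooksLikeGoogle(address),
    parsed: classifyAddress(address),
  }));
}

for (const row of report()) {
  console.log(row.naive, row.parsed.ok, row.parsed.reason, "<-", row.address);
}
```

The second and third samples pass the naive check but are rejected once the address is parsed, which is the same distinction a reader makes by looking at how the address begins.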

To make your Gmail account more secure, you should also enable two-step authentication, which you can do here.

