here’s a new Gmail phishing email doing the round which is said to be the “most sophisticated” yet and could lead to hackers getting information stored in your Gmail account.
The scam consists of convincing attachments being sent from user’s email addresses. When the attachment is clicked by the receiver it opens up a Gmail URL prompting people to sign in again.
Once someone signs in the hacker has all of their information and can use it to access files from within their email account.
According to Metro, Mark Maunder of Wordfence has said, “You click on the image, expecting Gmail to give you a preview of the attachment. Instead, a new tab opens up and you are prompted by Gmail to sign in again. You glance at the location bar and you see accounts.google.com in there.”
Another person commented, “It’s the most sophisticated attack I’ve seen. The attackers log in to your account immediately once they get the credentials, and they use one of your actual attachments, along with one of your actual subject lines, and send it to people in your contact list.”
Google released the following statement on the matter:
“We’re aware of this issue and continue to strengthen our defenses against it. We help protect users from phishing attacks in a variety of ways, including: machine learning based detection of phishing messages, Safe Browsing warnings that notify users of dangerous links in emails and browsers, preventing suspicious account sign-ins, and more. Users can also activate two-step verification for additional account protection.”
Find the Original Article Here