Insidious Phishing Attack Infecting Gmail Users

Media Division | January 18, 2017

Phishing campaigns are one of the most common forms of cyber attack. They can often infect a system quite easily when a single untrained person clicks a malicious link or attachment. Some phishing attacks, though, are far more sophisticated than others. A recent phishing technique discovered by Wordfence, the creator of a security plugin for WordPress, composes legitimate-looking emails by analyzing and mimicking a compromised account's past emails and attachments. The campaign targets Gmail users and deceives them into divulging their login details.

The attacker, disguised as a legitimate contact, sends an email to the potential victim. The email appears to carry an attachment, such as a PDF, which actually turns out to be an image containing an outbound link. When clicked, instead of opening the apparent attachment, it leads to a fake Google login page. The page looks identical to the authentic Google login page, including the graphics and the username and password fields, right down to the “One Account. All of Google.” tagline. It is a very well designed fake, and the only indication of the counterfeit is the URL, which differs from the actual Google page: specifically, there is additional script in front of the actual URL. If the potential victim is fooled by the page and enters their login details, the information is immediately received by the attackers.

The scam is clever in that it then uses the compromised person’s contacts and past emails to spread the attack to others. Once the attackers have access to the individual’s account, they search through past emails, subject lines, and attachments to craft further fabricated emails that deceive the person’s contacts.

How to Protect Your Gmail Account from Attacks

Google is aware of the campaign making its way around, and said in a statement to Wordfence,

“We’re aware of this issue and continue to strengthen our defenses against it. We help protect users from phishing attacks in a variety of ways, including: machine learning based detection of phishing messages, Safe Browsing warnings that notify users of dangerous links in emails and browsers, preventing suspicious account sign-ins, and more. Users can also activate two-step verification for additional account protection.”

Aside from two-step verification, there are a couple of other ways to help protect your account from phishing. For instance, be sure to look for the green lock symbol in the address bar, which indicates a secure page. You can also verify the URL if the site or email seems suspicious.
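The article's two tells, a disguised "attachment" that is really a linked image and a sign-in URL with extra material in front of the real Google address, can both be checked mechanically. The following is an added example written for this page, not code from Wordfence or Google. It assumes the real sign-in page lives on accounts.google.com over https, and it assumes that the "additional script" takes the form of a non-https scheme (such as a data: URI) that merely embeds the expected hostname as text; the lock icon alone only proves the connection is encrypted, so the check keys on scheme and host rather than on the presence of TLS. The sample email body is constructed for the example.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Hostnames accepted as the genuine Google sign-in page (assumption for this example).
TRUSTED_LOGIN_HOSTS = {"accounts.google.com"}


def classify_login_url(url: str) -> str:
    """Return 'ok', 'phish', or 'suspicious' for a candidate sign-in URL.

    'ok'         : https and the parsed host is exactly a trusted login host.
    'phish'      : the trusted hostname appears somewhere in the string, but the
                   real scheme/host is something else (e.g. a data: URI that
                   carries 'https://accounts.google.com/...' as decoration, or a
                   look-alike host such as accounts.google.com.example).
    'suspicious' : none of the above; not Google at all.
    """
    parsed = urlparse(url.strip())
    scheme = parsed.scheme.lower()
    host = (parsed.hostname or "").lower()   # None for data: URIs -> ""
    mentions_trusted = any(h in url.lower() for h in TRUSTED_LOGIN_HOSTS)

    if scheme == "https" and host in TRUSTED_LOGIN_HOSTS:
        return "ok"
    if mentions_trusted:
        # The expected address is present only as text, not as the actual origin.
        return "phish"
    return "suspicious"


class _HrefCollector(HTMLParser):
    """Collect the href of every <a> tag, including ones that wrap an image."""

    def __init__(self) -> None:
        super().__init__()
        self.hrefs: list[str] = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            for name, value in attrs:
                if name == "href" and value:
                    self.hrefs.append(value)


def audit_message(html: str) -> list[tuple[str, str]]:
    """Classify every link in an HTML email body, in document order."""
    collector = _HrefCollector()
    collector.feed(html)
    return [(href, classify_login_url(href)) for href in collector.hrefs]


# Constructed sample: an "attachment" that is really an image wrapped in a link,
# followed by a genuine sign-in link for comparison.
SAMPLE_EMAIL = """
<p>Please see the attached invoice.</p>
<a href="data:text/html,https://accounts.google.com/ServiceLogin?service=mail">
  <img src="cid:invoice-thumb" alt="invoice.pdf">
</a>
<a href="https://accounts.google.com/ServiceLogin?service=mail">Sign in</a>
"""

if __name__ == "__main__":
    for href, verdict in audit_message(SAMPLE_EMAIL):
        print(f"{verdict:10s} {href}")
```

Running the block prints one line per link; the image-wrapped data: link is reported as phish and the real sign-in link as ok. The same classifier can be applied to a URL copied from the address bar, which is the manual check the article recommends.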

Massive's Media Division publishes timely news and insights based on current events, trends, and actionable cross-industry expertise.