I have received the following alert from a security company regarding a widespread phishing attack running through Gmail.

In summary, people are receiving an email from someone they know (whose account has been hacked), which may include an image of an attachment you may recognise from the sender.

When you click on the image expecting Gmail to show a preview, you instead get a Google login page, except that the address bar will show

and not start with the usual https – otherwise it's exactly the same as the Google login page! As soon as you enter your details, they have stolen your account name and password. They will use them fairly quickly, pick up one of your emails and attachments, and send it around your address book. Because they have your email, they can then use other services they find in your email and get your passwords (using the forgot password facility), and you are very compromised.

When you log in to any service, you should check the protocol in the address bar; it should look something like this

with nothing between the lock symbol and the https (apart perhaps from the word “Secure” or the company’s name as in)

I would recommend reading the full blog highlighting this attack method and offering advice regarding protecting yourself.

Wide Impact: Highly Effective Gmail Phishing Technique Being Exploited
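The address-bar check described above can also be written as code. The following is an added example, not taken from the alert or the linked blog, and it goes slightly beyond the scheme check by also verifying the host. The allow-list `TRUSTED_LOGIN_HOSTS`, the function name `checkLoginAddress` and every sample address are assumptions constructed for illustration.

```javascript
// Added example: decide whether an address-bar string is a trusted login page.
// TRUSTED_LOGIN_HOSTS and checkLoginAddress are hypothetical names.
const TRUSTED_LOGIN_HOSTS = new Set(["accounts.google.com"]);

function checkLoginAddress(addressBarText) {
  // Padding with whitespace is a common way to push the real start off-screen.
  const text = String(addressBarText).trim();
  let url;
  try {
    url = new URL(text); // WHATWG URL parser, same rules the browser applies
  } catch (err) {
    return { ok: false, reason: "not a parseable URL" };
  }
  // The scheme is whatever comes first; "https://" appearing later in the
  // string (in a path or query) proves nothing.
  if (url.protocol !== "https:") {
    return { ok: false, reason: `scheme is ${url.protocol} not https:` };
  }
  // Text before "@" is userinfo, not the host that is contacted.
  if (url.username !== "" || url.password !== "") {
    return { ok: false, reason: "userinfo before the host" };
  }
  // Exact match only: a trusted name used as a prefix of another domain fails.
  if (!TRUSTED_LOGIN_HOSTS.has(url.hostname)) {
    return { ok: false, reason: `unexpected host ${url.hostname}` };
  }
  return { ok: true, reason: "https and expected host" };
}

// Constructed sample addresses (login.example is a reserved test domain).
const SAMPLES = [
  "https://accounts.google.com/ServiceLogin",
  "http://accounts.google.com/ServiceLogin",
  "http://login.example/?next=https://accounts.google.com/ServiceLogin",
  "https://accounts.google.com@login.example/ServiceLogin",
  "https://accounts.google.com.login.example/ServiceLogin",
];

function checkAll(samples) {
  return samples.map((s) => ({ address: s, ...checkLoginAddress(s) }));
}

for (const r of checkAll(SAMPLES)) {
  console.log(`${r.ok ? "OK    " : "REJECT"} ${r.address} (${r.reason})`);
}
```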


