If you were the recipient of a phishing e-mail, how confident are you that you wouldn’t open it and download any attachments?
According to Verizon’s 2016 Data Breach Investigations Report, 30% of phishing e-mails are opened. That may not seem like a lot at first glance, but in the world of e-mail open rates, that’s a significant percentage.
What’s scary is that a new Gmail phishing scam may be getting an even higher open rate because it’s going above and beyond normal phishing tactics to trick users. According to Wordfence, which first called attention to the sophisticated attack, this scam is “having a wide impact, even on experienced technical users.”
How the Gmail Phishing Scam Works
Why is this phishing scam reeling in so many victims? Because it begins by sending you an e-mail from someone you already know—someone that may have just had their account stolen. The e-mail is from an individual that’s already on your contact list and contains information that may look familiar and “normal.”
Once you open the e-mail, there will be an attachment of some sort that appears to be legitimate. If you click on the attachment to get a preview, it will take you to a Gmail login page. At first glance, the page looks 100% real; there are no spelling errors, fuzzy graphics, or other hallmarks of hastily made phishing websites. The only telltale sign can be found in the page’s URL, and even that is hard to spot if you just look quickly because it includes the normal “accounts.google.com” address. At the beginning of the URL, you’ll see “data:text/” and that is not something that should be there. On the genuine login page, you should also see a green lock symbol at the start of the URL if you are using Chrome.
Those who don’t notice the URL problem just sign into the Gmail login page using their credentials, thinking that everything is fine. Once you submit your username and password, though, it’s all over. The hacker almost immediately logs into your Gmail account and then uses your personal inbox to try to scam other people. They will scan your old e-mails, take screenshots, replicate subject lines, and create new e-mails to trick your contacts.
With your Gmail account in his or her possession, the hacker is poised to compromise your personal information in any number of ways. Taking control of your e-mail may just be the beginning.
If you’re not a Gmail user, don’t be complacent and think this phishing scam doesn’t affect you. This type of scam is being used across various e-mail platforms but is making headlines for tricking Gmail users, who tend to be more technologically savvy as a whole. Any e-mail you receive that includes an attachment and/or asks you to input login credentials should be carefully examined before moving forward. Take a few moments to look for signs of a phishing scam, like a strange URL, and you may just protect your entire identity.
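The URL check described above, written out as an added example (not code from Wordfence or Google). It goes slightly beyond the article by also rejecting non-https addresses and lookalike hostnames; `EXPECTED_HOST`, the reason codes, and the sample URLs are assumptions constructed for illustration.

```javascript
// Added example: decide whether an address-bar URL is really the Google
// sign-in page, or only displays "accounts.google.com" somewhere in its text.
const EXPECTED_HOST = "accounts.google.com"; // hostname named in the article

function checkLoginUrl(raw) {
  let url;
  try {
    url = new URL(raw.trim()); // throws if there is no scheme or the URL is malformed
  } catch (err) {
    return { trusted: false, reason: "unparseable" };
  }
  // A data: URL carries the page content inside the URL itself. It has no
  // host, so any hostname visible in it is just text chosen by the sender.
  if (url.protocol === "data:") {
    return { trusted: false, reason: "data-url" };
  }
  // The lock symbol is only shown for https pages.
  if (url.protocol !== "https:") {
    return { trusted: false, reason: "not-https" };
  }
  // Compare the parsed hostname exactly; a substring search would also match
  // lookalikes such as accounts.google.com.login.example.
  if (url.hostname !== EXPECTED_HOST) {
    return { trusted: false, reason: "wrong-host" };
  }
  return { trusted: true, reason: "ok" };
}

// Constructed sample URLs (the .example domain is reserved for documentation).
const SAMPLES = [
  "https://accounts.google.com/ServiceLogin?service=mail",
  "data:text/html,https://accounts.google.com/ServiceLogin?service=mail",
  "http://accounts.google.com/ServiceLogin",
  "https://accounts.google.com.login.example/ServiceLogin",
];

for (const sample of SAMPLES) {
  const verdict = checkLoginUrl(sample);
  console.log((verdict.trusted ? "TRUSTED " : "REJECTED") + " [" + verdict.reason + "] " + sample);
}
```

Note that a naive check such as `url.includes("accounts.google.com")` accepts three of the four samples, which is exactly the quick glance the scam relies on.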