Gmail Phishing Attack

Alert! This is one of the scariest Gmail phishing attacks of 2017.

If you are a Gmail user who keeps personal documents and bank details in your Gmail account, you cannot afford to ignore this post. Here we cover a recent Gmail phishing attack that Wordfence reported in the last week of January 2017.

How the Gmail phishing attack works

Phishing is a very common attack, but this is one of the most convincing Gmail phishing attacks seen so far. Here is how it unfolds.

1. The attacker sends an email to your Gmail account.
2. That email often comes from someone you know whose own account has already been compromised with this same technique.
3. It may include something that looks like an image of an attachment you recognise from that sender.
4. You click the image, expecting Gmail to show a preview of the attachment. Instead, a new tab opens and you are prompted to sign in again, apparently by Gmail. You glance at the location bar and see accounts.google.com in it.
5. You go ahead and sign in on a fully functional sign-in page that looks like this:

Gmail data URI phishing sign-in page

6. Once you complete the sign-in, your account has been compromised: the attacker now has your Gmail password.

Why Google won’t fix this and what they should do

Google’s response to a customer who asked about this was as follows:

“The address bar remains one of the few trusted UI components of the browsers and is the only one that can be relied upon as to what origin the users are currently visiting. If the users pay no attention to the address bar, phishing and spoofing attacks are – obviously – trivial. Unfortunately that’s how the web works, and any fix that would try to e.g. detect phishing pages based on their look would be easily bypassable in hundreds of ways. The data: URL part here is not that important as you could have a phishing on any http[s] page just as well.”

Google has changed Chrome’s address bar in the past to show the protocol in green, with a lock icon, when a page is served over HTTPS.

It also displays the protocol differently when a page is insecure, marking it in red with a line through it.

During this attack the user sees neither green nor red, only ordinary black text: a data: URI is neither a secure nor an insecure web page, it is not a web origin at all, so none of the HTTPS indicators apply.

Preventive Tips:

1. Check the browser’s location bar to make sure you are on the correct website before signing in; that is what defeats this attack. This phishing technique uses something called a ‘data URI’ to put a complete file into the location bar in place of a web address. If the location bar starts with ‘data:text/html…..’ rather than with https://accounts.google.com/, you are not on Google’s site, however convincing the page looks and even if the text accounts.google.com appears further along the string, and you should not enter your password.
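The check in tip 1 can be made mechanical. The example below is added here and is not code from the original post, from Wordfence or from Google; it uses the WHATWG URL parser (the global URL in browsers and Node.js) to show why “accounts.google.com appears in the address bar” is not the same as “the page’s origin is accounts.google.com”: for a data: URI the real scheme is data: and the host is empty, whatever text follows. The helper names (classifyAddressBar, EXPECTED_HOST, SAMPLES, classifyAll) and every sample address-bar string are constructed for this example; the data: sample only mimics the shape described above and carries a harmless title where the real attack carries its own page and script.

```javascript
// Added example, not code from the original post or from Wordfence/Google.
// Assumptions: the names classifyAddressBar, EXPECTED_HOST, SAMPLES and
// classifyAll, and all sample strings, are constructed for this example.

const EXPECTED_HOST = "accounts.google.com";

// Classify one address-bar string. Returns a short verdict plus the parsed
// scheme and host so the reason for the verdict is visible.
function classifyAddressBar(raw) {
  let url;
  try {
    url = new URL(raw);
  } catch (e) {
    // No scheme at all (e.g. a bare "accounts.google.com/..."): a browser
    // would treat this as a search or prepend http://; it is not an origin.
    return { verdict: "unparseable", scheme: null, host: null };
  }
  const scheme = url.protocol.slice(0, -1); // "https:" -> "https"
  const host = url.hostname;                // "" for data:, about:, javascript:
  const lureText = raw.includes(EXPECTED_HOST);

  if (scheme === "data") {
    // The whole document travels inside the URL: there is no server and no
    // origin to trust, however much of the string looks like a Google URL.
    return { verdict: lureText ? "data-uri-lure" : "data-uri", scheme, host };
  }
  if (scheme !== "https") {
    return { verdict: "not-https", scheme, host };
  }
  if (host === EXPECTED_HOST) {
    return { verdict: "genuine", scheme, host };
  }
  // Only the host decides the origin. EXPECTED_HOST appearing as a path
  // segment, or as the prefix of a longer hostname, is a lookalike.
  return { verdict: lureText ? "lookalike" : "other-site", scheme, host };
}

// Constructed samples. The data: one has the shape described in the post:
// a visible "https://accounts.google.com/..." prefix, a run of spaces that
// pushes the rest out of view, then the attacker's own HTML (a harmless
// title stands in for the phishing page here).
const SAMPLES = {
  genuine: "https://accounts.google.com/ServiceLogin?service=mail",
  dataUriLure:
    "data:text/html,https://accounts.google.com/ServiceLogin" +
    " ".repeat(120) +
    "<html><title>constructed stand-in for the phishing page</title></html>",
  lookalikeHost: "https://accounts.google.com.signin-check.example/ServiceLogin",
  hostInPath: "https://signin-check.example/accounts.google.com/ServiceLogin",
  plainHttp: "http://accounts.google.com/ServiceLogin",
  noScheme: "accounts.google.com/ServiceLogin",
};

// Classify every sample and return the results keyed by sample name.
function classifyAll(samples = SAMPLES) {
  const out = {};
  for (const [name, raw] of Object.entries(samples)) {
    out[name] = classifyAddressBar(raw);
  }
  return out;
}

// Stand-alone usage: node this_file.js prints one line per sample.
if (typeof require !== "undefined" && require.main === module) {
  for (const [name, r] of Object.entries(classifyAll())) {
    console.log(
      name.padEnd(14),
      r.verdict.padEnd(14),
      "scheme=" + r.scheme,
      "host=" + JSON.stringify(r.host)
    );
  }
}
```

The design point is that the decision never looks at where the string “accounts.google.com” occurs; it looks only at what the parser reports as the scheme and host, which is exactly the “origin” Google’s reply says the address bar is there to show. The data: sample and the lookalike-host sample both contain the Google hostname, and both are rejected for that reason.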

2. Use an advanced threat protection solution that warns you before you open an unsafe link.

Share this post as widely as possible to raise awareness. Awareness is the only thing that protects users from attacks like this one.
