Protect Your Gmail Account From The Latest Phishing Attack!

As a website developer and provider of maintenance services, we make our client’s security a high priority. We spend more time these days researching the latest attack methods than anything else!

Wordfence recently reported a highly effective Gmail phishing technique that you need to understand to avoid being caught. They report that experienced technical users have been hit by this attack.

How it works. 

An attacker will send an email to your Gmail account. That email may come from someone you know who has had their account hacked using this technique. It may also include something that looks like an image of an attachment you recognize from the sender.

You click on the image, expecting Gmail to give you a preview of the attachment. Instead, a new tab opens up and you are prompted by Gmail to sign in again. You glance at the location bar and you see accounts.google.com in there. Keep reading..

What you can do.

When you sign into any service on the web, check the address bar and verify that the address looks correct. It should look like this in Chrome when signing into Gmail or Google:

Gmail phishing secure URI example

Make sure there is nothing before the hostname ‘accounts.google.com’ other than ‘https://’ and the lock symbol. You should also take special note of the green color and lock symbol that appears on the left. If there is a long string of text after the host name, stop and consider what you just clicked on to get to that sign-in page. Keep reading..

Many thanks to our friends at Wordfence for sharing their research.

Stay safe!

 

 

Share This