(WWBT) - There is a new phishing scam that tricks victims into giving up their Gmail credentials.
The email comes from the account of a known person whose email has already been compromised. The email contains attachments disguised as PDF files.
If a user clicks on the attachment, a new tab will open asking the user to log in using their Gmail account. The address says account.gmail.com, so it looks legit. However, once the user logs in, several codes show up in the user's browser address bar.
Once the attackers have access to the accounts, they can download a user's emails.
Tech Times says the trick is to recognize the bug that lies in the address bar. The bug hides in plain sight, so it does not get detected.
"The data file 'data:text/html' is attached in front of the hostname, which opens up the fake login page," Tech Times says.
A user should make sure there is nothing in front of the hostname in order to prevent the attack.
"Also enabling the two-step authentication available for Gmail can stop the attack from taking place as the hacker would need the OTP (One Time Password) required for completing the login," Tech Times says.
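The address-bar check described above can also be automated, for example in a mail filter or browser extension. The following is an added example, not code from Tech Times, Google or this article; the function name, reason strings and sample addresses are constructed, and it goes beyond the data:text/html case to cover other ways text can sit in front of the real hostname.

```javascript
// Added example: decide what an address-bar string really points to.
// EXPECTED_HOST is the hostname quoted in the article; reason strings are made up here.
const EXPECTED_HOST = "account.gmail.com";

function classifyAddress(address, expectedHost = EXPECTED_HOST) {
  let url;
  try {
    url = new URL(address.trim());
  } catch {
    return { safe: false, reason: "unparseable" };
  }
  // A data: URI has no host at all. The page content travels inside the URI,
  // so a hostname that appears after "data:text/html," is only display text.
  if (url.protocol === "data:") {
    const mentionsHost = address.toLowerCase().includes(expectedHost);
    return { safe: false, reason: mentionsHost ? "data-uri-spoofing-host" : "data-uri" };
  }
  if (url.protocol !== "https:") {
    return { safe: false, reason: "not-https" };
  }
  // Text before "@" is userinfo, not the host the browser connects to.
  if (url.username !== "" || url.password !== "") {
    return { safe: false, reason: "userinfo-before-host" };
  }
  // Exact match only: the expected name used as a prefix of another domain fails.
  if (url.hostname !== expectedHost) {
    return { safe: false, reason: "host-mismatch" };
  }
  return { safe: true, reason: "ok" };
}

// Constructed sample addresses (not taken from a real campaign).
const samples = [
  "https://account.gmail.com/ServiceLogin",
  "data:text/html,https://account.gmail.com/ServiceLogin",
  "https://account.gmail.com@example.net/",
  "https://account.gmail.com.example.net/login",
  "http://account.gmail.com/",
];
for (const s of samples) {
  console.log(classifyAddress(s).reason.padEnd(24), s);
}
```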
Google released the following statement:
Copyright 2017 WWBT NBC12. All rights reserved