New phishing scam targets Gmail users

Published: Jan. 17, 2017 at 6:45 PM EST|Updated: Jan. 18, 2017 at 11:41 AM EST
Email This Link
Share on Pinterest
Share on LinkedIn

(WWBT) - There is a new phishing scam that tricks victims into giving up their Gmail credentials.

The email comes from an account of a known person whose email has already been compromised. In the email, it contains attachments disguised as PDF files.

If a user clicks on the attachment, a new tab will open asking for the user to log in using their Gmail account. The address says, so it looks legit. However, once the user logs in, several codes show up in the user's browser address bar.

Once they have access to the accounts, they can download a user's emails.

Tech Times says the trick is to recognize the bug that lies in the address bar. The bug hides in plain sight, so it does not get detected.

"The data file "data:text/html" is attached in front of the hostname, which opens up the fake login page," Tech Times says.

A user should make sure there is nothing in front of the hostname in order to prevent the attack.

"Also enabling the two-step authentication available for Gmail can stop the attack from taking place as the hacker would need the OTP (One Time Password) required for completing the login," Tech Times says.

Google released the following statement:

We're aware of this issue and continue to strengthen our defenses against it. We help protect users from phishing attacks in a variety of ways, including: machine learning-based detection of phishing messages, Safe Browsing warnings that notify users of dangerous links in emails and browsers, preventing suspicious account sign-ins, and more. Users can also activate two-step verification for additional account protection.

Copyright 2017 WWBT NBC12. All rights reserved

Report an Error or Submit a Tip to NBC12