Security researchers have detected that computer criminals are targeting Gmail users with a very dangerous and large-scale phishing attack, protect yourself by reading our article.
Gmail Users Are Warned Of A Dangerous Phishing Attack
Gmail users worldwide should be concerned as security researchers have identified a new and very dangerous phishing attack that is aimed against them. The computer hackers behind it are using very convincing messages that pose as being from Google to steal account credentials from the victims and infect them with malware. The email messages themselves are crafted in such a way to appear as legitimate including the Gooogle domain. Depending on the particular set the emails may also contain attachments.
The computer criminals behind the attack employ a file in the browser location bar which runs once the malicious attachment is activated by the user. This in turn displays a counterfeit login page and uses the official Google domain.
One of the security reports that we reviewed states that at least several employees and students from a school have been compromised by the attack. To this date this was one of the sophisticated attacks that have been conducted against the particular institution. An example attack has incurred the following damage:
The victims are shown with a counterfeit Gmail login screen where they are prompted to enter their account credentials.
Once the criminals attain access to the accounts they spread the malicious attachments and use various subject lines extracted from the emails of the victims. The virus is then sent to contacts of the victim.
The contents of the messages uses the bit.ly URL shortening service to obscure the actual links.
Such hacks can easily be countered by using two-factor authentication which safeguards against such breaches. Phishing attacks are getting more and more sophisticated as the hackers work harder to try to fool their targets into falling for their schemes.
How To Protect Yourself From The Gmail Attack
Users can easily differentiate between legitimate and counterfeit Google and Gmail services addresses by carefully observing the following:
Users need to verify that the HTTPS protocol is enforced by checking for the HTTPS prefix.
The hostname should be Google.com and any additional prefixes of suffixes. Users need to make sure that there is nothing before the “accounts.google.com” address othern than the HTTPS protocol and the lock symbol. The web browsers also check for certificate validity by issuing a green colored lock image.
Two-factor authentication protects the users from such attacks as it enforces a strong second authentication measure.
Users can check if they have already been compromised by visiting the Last account activity page and reviewing for any suspicious activity.