E-mail phishing is the most common way hackers steal confidential data. The tech-savvy generation is probably aware of most of the gimmicks used by hackers, including sophisticated phishing attacks. Yet, a growing number of users are falling prey to attacks specifically designed to lure users into the trap. And the latest Gmail phishing scam is no exception.


New Gmail phishing scam spotted

Several unsuspecting users have already fallen prey to the latest Gmail phishing scam. The scam is so cleverly designed that it’s almost impossible to identify the e-mail as a form of phishing attack. The e-mail looks convincing and prompts the user to open an attachment. The e-mail’s attachment – an embedded image – when clicked, takes the unsuspecting user to a fake Google sign-in page. Once you enter your credentials you have successfully fallen prey to the hacker’s phishing attack.

image source: Lifehacker

The problem with such phishing scams is that the fake pages appear strikingly similar to the normal Google sign-in page. The logo, the UI, the text boxes and the taglines all look similar. Any unsuspecting user will instantly mistake it for the genuine Google sign-in page and enter their credentials. Wordfence had warned about the phishing attack back in January, and Google instantly made some changes in the Chrome browser to warn users about the phishing attempt.

How do I know if it’s a phishing scam?

The sign-in page may look strikingly similar to the authentic Google sign-in page, but there is one thing that can be used to identify the phishing attack. The genuine Google sign-in page usually shows “https://” at the start of its address, while the image in the phishing e-mail takes you to a page whose URL starts with “data:text/html”. So the next time an e-mail directs you to a page that asks for your sign-in credentials, check the URL in the address bar to make sure the page you just landed on is the authentic Google sign-in page.
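The address check described above can also be automated, for example in a mail gateway or a help-desk triage script. The following is an added example, not code from the article or from Google; the expected host name `accounts.google.com`, the function name `classifySignInUrl` and the sample addresses are assumptions constructed for illustration.

```javascript
// Added example: classify the address of a page that asks for Google credentials.
// EXPECTED_HOSTS is an assumption; the article itself only says to look for "https://".
const EXPECTED_HOSTS = new Set(["accounts.google.com"]);

function classifySignInUrl(raw) {
  let url;
  try {
    // The WHATWG URL parser lower-cases the scheme, so "DATA:" and "data:" compare equal.
    url = new URL(String(raw).trim());
  } catch {
    return { verdict: "unparseable", reason: "not an absolute URL" };
  }
  if (url.protocol === "data:") {
    // A data: URI carries the page content inside the address itself, so no
    // server and no TLS certificate stand behind what is displayed.
    // RFC 2397: the media type precedes the first ';' or ',' and defaults to text/plain.
    const mediaType = url.pathname.split(/[;,]/)[0].trim().toLowerCase() || "text/plain";
    return { verdict: "inline-content", reason: `data: URI carrying ${mediaType}` };
  }
  if (url.protocol !== "https:") {
    return { verdict: "not-https", reason: `scheme is ${url.protocol}` };
  }
  if (!EXPECTED_HOSTS.has(url.hostname)) {
    return { verdict: "unexpected-host", reason: `host is ${url.hostname}` };
  }
  return { verdict: "expected", reason: "https on an expected sign-in host" };
}

// Constructed sample addresses (not taken from a real campaign).
const SAMPLES = [
  "data:text/html,constructed-placeholder",
  "  DATA:Text/HTML;charset=utf-8,constructed-placeholder",
  "http://accounts.google.com/",
  "https://login.example/",
  "https://accounts.google.com/signin",
];

for (const sample of SAMPLES) {
  const { verdict, reason } = classifySignInUrl(sample);
  console.log(`${verdict.padEnd(16)} ${reason}  <- ${sample.trim()}`);
}
```

Only the last sample is reported as `expected`; every other verdict is a reason not to type a password into the page.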

If you have an updated Google Chrome browser, it should warn you against fake sign-in pages. Google Chrome immediately prompts you with a “Not Secure” warning whenever it detects a phishing attack. But if you use a browser other than Chrome, it helps to know the basic method of identifying phishing attacks and to take adequate measures to avoid falling prey to one.
