Gmail users can easily be vulnerable to a phishing cyber attack which looks so convincing that it tricks users into giving their Google Accounts login details. So, all you users of Google’s email service you better be aware of this phishing cyber scam.
The details of the said vulnerability are as follows- The attack takes place in two parts. First, the hacker will compromise a user’s Gmail account and will browse through his/her contacts list. Then the hacker sends an email with a PDF attachment which seems authentic in all forms. The subject line of the email will be a mimic of previously sent email subject lines.
As soon as the user clicks on the PDF, a smartly camouflaged image will emerge in the user’s browser tab. It will be a Gmail sign-in page which looks so convincing that you will just input the logins giving access to all your email data on an eventual note.
If you are careful enough, you will notice suspicion on the very first go of watching the browser address. The text starts as “data: text/html…” instead of https.
Hence, you better verify the hostname before putting in your Gmail login details.
Also, if you do not notice a green lock symbol in your browser then it’s better you close the tab.
Mark Maunder, the CEO of popular WordPress Security plugin Wordfence has discovered this security vulnerability which is being circulated in the disguise of a phishing scam. Moreover, the scam is so convincing that it even fools experienced technical users.
What’s more concerning about the latest Gmail scam is that hackers who got your credentials can use the access point to download all your emails, use the same logins for your other Google services and could also reset your password, making it impossible for your to gain access to your account in future.
Aaron Stein from Google Communications has admitted that his company is aware of this issue and will soon launch a fix to strengthen Gmail’s defense from phishing attacks.
More details are awaited!