Then you are at risk of falling for an insidiously clever phishing scam designed to get you to part with your credentials, and eventually your identity. Millions of users log in, send and receive emails daily, making Gmail a prime target for scammers. While Google is aware of the threat and working on a formal solution to address it, learning more about this latest phishing scam can help you spot and avoid it.
This active scam uses a spoofed version of Gmail’s real log-in screen to trick you into entering your password. Once you’ve entered your information, the scammer has everything they need to compromise your account.
You’ll receive an email, usually from the email address of someone you know (who has already fallen for the scam). Since the email seems to come from a trusted source, you are more likely to click on the enclosed attachment. When you click on the preview of the attachment, a new tab opens; this tab contains a convincing Gmail sign-in window.
Once you sign in, the hacker has everything they need to get to work. Access to your Gmail account yields not only personal information but the email addresses of all of your contacts. The scammer will use this information to scope out more victims; your contacts will think they are getting a legitimate email from you and click the attachment, perpetuating the scam.
In addition to using your information to scam your unsuspecting contacts, friends and family members, the hacker can exploit your other accounts as well. Any account you use your Gmail address to log into could be compromised, from your bank account to your shopping and entertainment accounts. If you use the same credentials on multiple sites, your other accounts could be at risk, even if they are not linked to your Gmail use. Simply trying your credentials on a site like Amazon could allow the hacker to go on a spending spree before you even realize what happened.
Simple awareness can help you take measures to protect yourself; once you know how the scam works, you are less likely to log into that fake page in the first place. Check the browser’s address bar for the correct URL (without any strange symbols or words in front of the address) and look for the “lock” symbol that signifies a secure connection. The fake page often has a browser address that begins with “data:text/html” instead of the usual “https://”; if you spot this text, close the window, fast.
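The same address-bar check can be automated, for example in a mail filter or a browser extension. The sketch below is an added example, not part of the original post: the function name is hypothetical, it assumes Google's sign-in page is served from accounts.google.com, and the sample addresses are constructed.

```javascript
// Assumption: the legitimate Google sign-in page lives on this host.
const EXPECTED_HOST = "accounts.google.com";

// Classify an address (copied from the address bar or a link's href)
// before any password is typed. Returns { safe, reason }.
function checkSignInAddress(address) {
  let url;
  try {
    // The URL parser trims leading whitespace and lower-cases the scheme,
    // so "  DATA:text/HTML,..." is still recognised as a data: URI.
    url = new URL(address);
  } catch {
    return { safe: false, reason: "unparseable" };
  }
  if (url.protocol === "data:") {
    // The page content is embedded in the address itself; any
    // real-looking URL inside it is only decoration.
    return { safe: false, reason: "data-uri" };
  }
  if (url.protocol !== "https:") {
    return { safe: false, reason: "not-https" };
  }
  if (url.username || url.password) {
    // "https://accounts.google.com@other.example/" loads other.example.
    return { safe: false, reason: "userinfo-in-url" };
  }
  if (url.hostname !== EXPECTED_HOST) {
    return { safe: false, reason: "wrong-host" };
  }
  return { safe: true, reason: "ok" };
}

// Constructed sample addresses (not taken from a real campaign).
const samples = [
  "https://accounts.google.com/ServiceLogin?service=mail",
  "data:text/html,https://accounts.google.com/ServiceLogin?service=mail",
  "   DATA:text/HTML,https://accounts.google.com/",
  "http://accounts.google.com/",
  "https://accounts.google.com@login.example/",
  "https://accounts.google.com.login.example/",
];
for (const s of samples) {
  console.log(checkSignInAddress(s).reason.padEnd(16), s.trim());
}
```

Only the first sample passes; the others fail on the scheme or the host even though each one contains the text “accounts.google.com”.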
Learning more about this rapidly spreading phishing scam can help you protect yourself and your business. Follow our blog to stay on top of the latest network and Internet security news, tips and trends, and contact us for specific solutions designed to keep your business safe.