Gmail phishing: Latest cyber attack infects users by mimicking past emails

The incredibly clever technique involves a fake but convincing and functional Gmail sign-in page

Aatif Sulleyman
Tuesday 17 January 2017 17:56 GMT
Comments
The attack disguises an image as a familiar-feeling PDF
The attack disguises an image as a familiar-feeling PDF

A sophisticated new phishing technique that composes convincing emails by analysing and mimicking past messages and attachments has been discovered by security experts.

Discovered by Mark Maunder, the CEO of WordPress security plugin Wordfence, the attack first sees the hacker send an email appearing to contain a PDF with a familiar file name.

That PDF, however, is actually a cleverly disguised image that, when clicked, launches a new tab that looks like this:

(Wordfence

It’s the Gmail sign-in page, right? Not quite. A closer look at the address bar will show you that all is not quite as it seems:

(Wordfence

Unfortunately, the attack’s imitation of the Gmail sign-in page is so convincing that many users will automatically enter their login details, simultaneously surrendering them to the hackers, who can proceed to steal your data and use one of your past messages to compromise another round of Gmail users.

In an example described by a commenter on Hacker News, the hackers emailed a link disguised as an athletics practice schedule from one member of the team to the others.

“The attackers log in to your account immediately once they get the credentials, and they use one of your actual attachments, along with one of your actual subject lines, and send it to people in your contact list,” added the commenter.

Impressive as the attack is, there are ways to protect yourself.

The most obvious giveaway is that the legitimate Gmail sign-in page’s URL begins with a lock symbol and ‘https://’ highlighted in green, not ‘data:text/html,https://’. However, if you hit the address bar, you’ll also see that the fake page’s URL is actually incredibly long, with a white space sneakily hiding the majority of the text from view.

Maunder also recommends enabling two-factor authorisation on Gmail, which you can do here.

“We're aware of this issue and continue to strengthen our defenses against it,” Google said in a statement after this article was published.

“We help protect users from phishing attacks in a variety of ways, including: machine learning based detection of phishing messages, Safe Browsing warnings that notify users of dangerous links in emails and browsers, preventing suspicious account sign-ins, and more. Users can also activate two-step verification for additional account protection.”

Join our commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

Comments

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in