Phishing attack involving Gmail is going on


It is often suggested that whenever you fill in your login details (your username or password), you should pay close attention to the URL of the page. Does it actually belong to the service? For example, there is a phishing attack going on involving Gmail that prompts people to enter their Gmail login password, but the URL in the location bar does not belong to Gmail. It comes from somewhere else.

What does the Gmail phishing attack do?

Over the past few weeks many Gmail users have been receiving a message with an image. The message normally comes from a familiar person (whose account has already been hacked with the phishing attack). Instinctively people click the image to open it, but when they click it, another tab opens up and they are prompted to enter their Gmail username and password, which they normally do without paying attention to the URL. People see this Gmail login page:

Gmail account login page disguised by the phishing attack

but if they pay close attention to the URL in the location bar they may observe something like this:

data:text/html,https://accounts.google.com/ServiceLogin?service=mail

As you can see, there is extra text (data:text/html,) before https://accounts.google.com, and if you are able to copy/paste the entire URL into a text file, you will notice that there is further JavaScript embedded in the URL shown in the location bar. So whatever login details you enter because of this Gmail phishing attack are being saved by the hackers. They will immediately log into your account and carry out further Gmail phishing attacks on people in your contact list. They may use an actual image from your account along with an actual subject line your recipients might be familiar with.

How to protect yourself from the latest Gmail phishing attack?

You should become alert when you click on the image and are then prompted to log into your Gmail account again. If you are already logged in, you should be able to open the image automatically instead of having to log in again. This in itself means some sort of Gmail phishing attack is going on. So if you are prompted to log into your account and you feel that you shouldn’t be prompted, this is a hint that something is “fishy”.

Also, make it a habit to have a good look at the URL whenever you are entering your login details. Is it coming from the actual company, in this case, Google.com? Even if there is a small difference, or even one extra character before Google or one of its subdomains, don’t enter your login details. Even if you feel that you need to log in, manually enter Gmail.com into the URL location bar and then log in. Most probably, if you are already logged in and you enter Gmail.com and hit enter, you will be taken to your inbox directly without being prompted to log in.
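The URL check described above can be done mechanically: parse the string, then compare the scheme and the exact host instead of looking for "accounts.google.com" somewhere in the text. The following JavaScript is an added example, not code from the original post; the function name `checkLoginUrl`, the one-entry allow-list and the `.example` lookalike host are assumptions made for illustration.

```javascript
// Added example: decide whether a location-bar string really points at the
// Google sign-in host. The allow-list is an assumption for this sketch.
const TRUSTED_LOGIN_HOSTS = new Set(["accounts.google.com"]);

function checkLoginUrl(raw) {
  let url;
  try {
    url = new URL(raw.trim());
  } catch (err) {
    return { ok: false, reason: "not a parseable absolute URL" };
  }
  // The scheme is whatever precedes the FIRST colon. In a data: URL the
  // later "https://accounts.google.com" is page content, not an address.
  if (url.protocol !== "https:") {
    return { ok: false, reason: `scheme is "${url.protocol}", expected "https:"` };
  }
  // Exact match on the parsed host: a trusted name used as a prefix of a
  // longer host name does not pass.
  if (!TRUSTED_LOGIN_HOSTS.has(url.hostname)) {
    return { ok: false, reason: `host is "${url.hostname}"` };
  }
  return { ok: true, reason: "https scheme and exact trusted host" };
}

// Constructed sample inputs: the genuine URL, the string quoted in the
// article, a lookalike host, and a plain-http variant.
const samples = [
  "https://accounts.google.com/ServiceLogin?service=mail",
  "data:text/html,https://accounts.google.com/ServiceLogin?service=mail",
  "https://accounts.google.com.login.example/ServiceLogin?service=mail",
  "http://accounts.google.com/ServiceLogin?service=mail",
];

for (const s of samples) {
  const r = checkLoginUrl(s);
  console.log(r.ok ? "OK    " : "REJECT", s, "->", r.reason);
}
```

Only the first sample passes; the string from the article is rejected on its scheme before the host is even considered.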

Also let the others around you know about this ongoing Gmail phishing attack.

How to know if your Gmail account is already compromised due to the phishing attack?

If some actions are being carried out through your Gmail account without your knowledge, then your account is already compromised. Once your account is hacked due to phishing, there is a great chance that you won’t be able to access it, because they may change your password. But if you are lucky and they haven’t yet gone to the trouble of changing your password even after carrying out the phishing attack, you still have a chance to salvage your Gmail account.

But how do you know if your Gmail account is already compromised through a phishing attack or any other sort of attack, or even password pilferage? If you can still log in to your Gmail account, log in and go to the inbox. Then scroll down. At the bottom, in the extreme right, you will find a link “Details”.

Click the “Details” link and a popup will give you a list of the devices, the IP addresses and the geographic locations from where your Gmail account has been accessed recently. If there has been some suspicious activity, you will be able to locate it. Just to be on the safe side, you can sign out of all other web sessions and then change your password if you feel that some sort of Gmail phishing attack has compromised your account.

About Amrit Hallan
Amrit Hallan is the founder of TechBakBak.com. He writes about technology not because "he loves to write about technology", he actually believes that it makes the world a better place. On Twitter you can follow him at @amrithallan
