New Gmail phishing scam is fooling veteran users
What's the story
A new online phishing scam targeting Gmail users has surfaced, and reportedly, it is even fooling veteran tech-savvy users. The scam was discovered by Mark Maunder, the CEO of Wordpress security service Wordfence. However, all is not lost, as protecting your credentials from being compromised is rather easy. The rest of the article will explain how to do so.
Phishing procedure
How does the phishing attack work?
The way the phishing attack works is that an attacker sends an email to a user's Gmail account. The email, which will likely include an attachment, can come from someone you know but whose account has already been compromised. When you click on the attachment expecting a preview, the attachment opens in another tab, and asks for your login-credentials. Do NOT provide your credentials.
Definition
What is phishing?
Phishing is a form of fraud through which cybercriminals try and get access to user data like login credentials, credit card numbers and the like. It is usually carried out through emails and instant messaging by masquerading as a legitimate, reputable organization or a person.
Hacked accounts
What happens if your account is compromised?
Once an account is compromised, the attackers gain complete access to all the emails a user has sent and received. The attackers then launch secondary attacks on the user's Gmail contacts through fake emails using an attachment and a subject line the user has previously used. They can also compromise a host of other services which a user accesses through Gmail.
Protective measures
How can you protect yourself from the attack?
The best way to secure your account is to enable two-factor authentication in Gmail which prevents attackers from accessing your account without the second factor (usually your phone or a USB cryptographic key). You can check for, and force-close, unauthorized login activity by clicking "Details" at the bottom right corner of Gmail (from PCs). Change your password immediately if you feel you've been hacked.