
18 Jan 2017

New Gmail phishing scam is fooling veteran users

A new online phishing scam targeting Gmail users has surfaced, and reportedly, it is even fooling veteran tech-savvy users.

The scam was discovered by Mark Maunder, the CEO of WordPress security service Wordfence.

However, all is not lost, as protecting your credentials from being compromised is rather easy.

The rest of the article will explain how to do so.

In context

Protect your account from the new Gmail scam

Phishing procedure

How does the phishing attack work?

The attack begins when an attacker sends an email to a user's Gmail account.

The email, which will likely include an attachment, can come from someone you know but whose account has already been compromised.

When you click on the attachment expecting a preview, the attachment opens in another tab and asks for your login credentials.

Do NOT provide your credentials.

What is phishing?

Phishing is a form of fraud through which cybercriminals try to get access to user data such as login credentials, credit card numbers and the like. It is usually carried out through emails and instant messaging by masquerading as a legitimate, reputable organization or person.


Hacked accounts

What happens if your account is compromised?

Once an account is compromised, the attackers gain complete access to all the emails a user has sent and received.

The attackers then launch secondary attacks on the user's Gmail contacts through fake emails using an attachment and a subject line the user has previously used.

They can also compromise a host of other services which a user accesses through Gmail.

Protective measures

How can you protect yourself from the attack?

The best way to secure your account is to enable two-factor authentication in Gmail, which prevents attackers from accessing your account without the second factor (usually your phone or a USB cryptographic key).

You can check for, and force-close, unauthorized login activity by clicking "Details" at the bottom right corner of Gmail (from PCs).

Change your password immediately if you feel you've been hacked.
