Okay, so maybe the title is a little aggravating, but so is the scam. A recent reveal has shed light on a brand new method that hackers are using to steal Gmail details. And the method, ladies and gentlemen, is clever enough to fool the pros. Let's take a look.
The news comes from security expert Mark Maunder, who is also the CEO of WordPress security plugin Wordfence.
So here is how the hack takes place: You receive an e-mail that includes an attachment. The e-mail may or may not come from one of your contacts, depending upon whether they have been hacked or not. The method being used is called phishing, and it used to be very successful until Internet awareness made it mostly redundant. However, these hackers have improved upon the method to get the ball rolling again.
So once you click on the attachment, you will be redirected to a Gmail login page that looks identical to the actual Gmail page. You will then be prompted to enter your user name and password. You will probably enter it too, considering that the pages are identical to the real pages. And in case you are thinking, oh I am so smart, I will check the address bar first: think again.
The URLs look similar enough that an unsuspecting user could easily end up entering his/her login details; the only difference is the data:text/html, prefix at the start of the fake address.
Fake login: data:text/html,https://accounts.google.com/ServiceLogin?
Real Gmail login page: https://accounts.google.com/ServiceLogin?
Once they have your details, they can then repeat the process with all of your contacts and so on.
Meanwhile, you have the option of activating two-factor authentication to ensure that you don’t fall prey to this problem, since two-factor requires you to submit an OTP that is sent to your mobile device. Finally, make sure that any pages that require you to enter login credentials have the green lock that tells you that it is safe.
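The address-bar comparison above comes down to reading the scheme and host of the URL rather than spotting a familiar name in it. As an added example (not code from the original article, Wordfence or Google), this JavaScript check parses a URL and trusts it only when its origin is https on an allow-listed host; the allow-list, the function name and the third sample URL are assumptions made for the illustration.

```javascript
// Added example: decide whether a URL really is the Gmail sign-in origin.
// Assumption: for this demo the only trusted sign-in host is accounts.google.com.
const TRUSTED_LOGIN_HOSTS = new Set(['accounts.google.com']);

function classifyLoginUrl(raw) {
  let url;
  try {
    url = new URL(String(raw).trim()); // WHATWG parser, same rules browsers use
  } catch {
    return { verdict: 'invalid', reason: 'not an absolute URL' };
  }

  // Trust depends on the parsed scheme and host, never on a substring match.
  if (url.protocol === 'https:' && TRUSTED_LOGIN_HOSTS.has(url.hostname)) {
    return { verdict: 'trusted', reason: `https origin ${url.hostname}` };
  }

  // The familiar name appears somewhere, but not as the https origin:
  // the data:text/html,https://... address from the article lands here.
  const text = url.href.toLowerCase();
  const lure = [...TRUSTED_LOGIN_HOSTS].find((host) => text.includes(host));
  if (lure) {
    return {
      verdict: 'lookalike',
      reason: `"${lure}" is shown, but scheme is ${url.protocol} and host is "${url.hostname}"`,
    };
  }
  return { verdict: 'untrusted', reason: `${url.protocol} URL on host "${url.hostname}"` };
}

// The first two URLs are the ones quoted in the article.
// The third is constructed for this example (.example is a reserved TLD).
const SAMPLES = [
  'data:text/html,https://accounts.google.com/ServiceLogin?',
  'https://accounts.google.com/ServiceLogin?',
  'https://accounts.google.com.login.example/ServiceLogin?',
];

for (const sample of SAMPLES) {
  const { verdict, reason } = classifyLoginUrl(sample);
  console.log(`${verdict.padEnd(9)} ${sample}\n          ${reason}`);
}
```

The same rule applies when reading the address bar by eye: the scheme comes first, and a data: page has no host at all.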
As per Google,
We’re aware of this issue and continue to strengthen our defenses against it. We help protect users from phishing attacks in a variety of ways, including: machine learning based detection of phishing messages, Safe Browsing warnings that notify users of dangerous links in emails and browsers, preventing suspicious account sign-ins, and more. Users can also activate two-step verification for additional account protection.
The post Hackers are taking over the Gmail accounts of pro users with a phishing technique appeared first on NewsPR.