A new successful gmail phishing attack has come to my attention and it’s so subtle and successful that both inexperienced and experienced technical users are becoming victims. The warning signs of this attack are not easily apparent and therefore the main strategy we can use to protect ourselves against this attack is to pay close attention every time we log into our accounts and to take one extra step to make sure we are not being fooled.
A detailed article by Mark Maunder, the founder of the Wordfence, (a plugin that I use on my website to protect my site against attacks) explains this dangerous problem so well that I want to encourage everyone to read his article. Essentially, the attackers steal your log in credentials when you log in on their screen and they log in to your account immediately, use one of your actual attachments along with one of your actual subject lines, and send it to people in your contact list. Unlike typical phishing emails, signs like poor grammar are missing. Because it comes to you with legitimate information from your contacts, there is no reason to be suspicious of attachments and links. This is clearly a recipe for continuous disaster.
Unfortunately, it’s near impossible to know you’ve been compromised until it’s too late. But I don’t like to share problems without solutions. The solution or bottom line here is we need to go out of our way and to be very careful every single time we log into Google or Gmail to avoid this attack. We do this by paying close attention to the web address of the site we are signing into. But it’s not enough to glance at the URL and assume it’s okay because you see Google in there. Mark’s article tells you precisely what to look for when logging into your Google or Gmail accounts and essentially, the telling sign of this dangerous URL is the code that follows a long blank section of the URL. See image below:
If you have an experience related to this attack or to any other sophisticated attack, please share your story in a comment. We may as well do a good deed and help others learn from our own mistakes, right?
Until next time, … Stay Cyber Safe!
Update: Official Statement from Google
Aaron Stein from Google Communications contacted Mark Maunders at 11:30pm PST on Tuesday the 17th of January 2017 to tell him Google is aware of this problem and is taking steps to mitigate it.
Below is the official Google statement:
We’re aware of this issue and continue to strengthen our defenses against it. We help protect users from phishing attacks in a variety of ways, including: machine learning based detection of phishing messages, Safe Browsing warnings that notify users of dangerous links in emails and browsers, preventing suspicious account sign-ins, and more. Users can also activate two-step verification for additional account protection.
Mark Maunders concluded his update by saying, the good news is the official statement “indicates there will be something forthcoming in future releases of Chrome, GMail and possibly other products that can help mitigate this.”