
Beware of a sneaky and effective Gmail attack

A new Gmail phishing attack has come to my attention, and it’s so subtle and successful that both inexperienced and experienced technical users are becoming victims. The warning signs of this attack are not easily apparent, so the main strategy we can use to protect ourselves is to pay close attention every time we log in to our accounts and to take one extra step to make sure we are not being fooled.

Gmail phishing

This legitimate looking sign-in screen is the start of the problem.

A detailed article by Mark Maunder, the founder of Wordfence (a plugin that I use on my website to protect my site against attacks), explains this dangerous problem so well that I want to encourage everyone to read it. Essentially, the attackers steal your login credentials when you log in on their screen. They then log in to your account immediately, take one of your actual attachments along with one of your actual subject lines, and send it to people in your contact list. Unlike typical phishing emails, signs like poor grammar are missing. Because the message arrives with legitimate information from one of your contacts, there is no obvious reason to be suspicious of its attachments and links. This is clearly a recipe for continuous disaster.

Unfortunately, it’s near impossible to know you’ve been compromised until it’s too late. But I don’t like to share problems without solutions. The bottom line is that we need to go out of our way to be very careful every single time we log in to Google or Gmail. We do this by paying close attention to the web address of the site we are signing in to. It’s not enough to glance at the URL and assume it’s okay because you see Google in there. Mark’s article tells you precisely what to look for when logging in to your Google or Gmail accounts. Essentially, the telling sign of this dangerous URL is the code that follows a long blank section of the URL. See image below:

Malicious URL

Sign of bad URL is space following text which is then followed by more code
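The address check described above, written out as a small script. This is an added example, not code from this post or from the Wordfence article; the trusted host list, the blank-run threshold, the `x-sample:` scheme and both sample addresses are constructed for illustration.

```javascript
// Added example: flags the warning signs the article describes in a sign-in address.
// TRUSTED_HOSTS and MIN_BLANK_RUN are assumptions chosen for this sketch.
const TRUSTED_HOSTS = new Set(["accounts.google.com"]);
const MIN_BLANK_RUN = 10;

// Constructed sample addresses (not taken from a real incident).
const SAMPLE_GOOD = "https://accounts.google.com/ServiceLogin?service=mail";
const SAMPLE_BAD =
  "x-sample:https://accounts.google.com/ServiceLogin" +
  " ".repeat(80) + "[more code here]";

function inspectSignInAddress(raw) {
  const findings = [];
  const text = String(raw).trim();

  // Sign from the article: a long blank stretch with more text after it.
  // Literal whitespace and percent-encoded spaces/tabs are counted alike.
  const blank = new RegExp(
    `(?:\\s|%20|%09){${MIN_BLANK_RUN},}(?!\\s|%20|%09|$)`, "i");
  if (blank.test(text)) findings.push("blank-run-then-more-text");

  let url;
  try {
    url = new URL(text);
  } catch {
    findings.push("not-a-parseable-url");
    return findings;
  }

  // The address must start with https and the real sign-in host.
  if (url.protocol !== "https:") findings.push("scheme-not-https");
  if (!TRUSTED_HOSTS.has(url.hostname)) {
    findings.push("host-not-trusted");
    // "Google" is visible in the text, but it is not the host the browser uses.
    if (/google\.com/i.test(text)) findings.push("google-text-outside-host");
  }
  return findings;
}

for (const sample of [SAMPLE_GOOD, SAMPLE_BAD]) {
  const findings = inspectSignInAddress(sample);
  console.log(findings.length ? findings.join(", ") : "no warning signs");
}
```

An empty result only means none of these particular signs were found; it is not proof that a page is safe.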

If you have an experience related to this attack or to any other sophisticated attack, please share your story in a comment. We may as well do a good deed and help others learn from our own mistakes, right?

Until next time, … Stay Cyber Safe!


Update: Official Statement from Google

Aaron Stein from Google Communications contacted Mark Maunder at 11:30pm PST on Tuesday the 17th of January 2017 to tell him Google is aware of this problem and is taking steps to mitigate it.

Below is the official Google statement:

We’re aware of this issue and continue to strengthen our defenses against it. We help protect users from phishing attacks in a variety of ways, including: machine learning based detection of phishing messages, Safe Browsing warnings that notify users of dangerous links in emails and browsers, preventing suspicious account sign-ins, and more. Users can also activate two-step verification for additional account protection.

Mark Maunder concluded his update by saying that the good news is the official statement “indicates there will be something forthcoming in future releases of Chrome, GMail and possibly other products that can help mitigate this.”

8 replies
  1. Karen says:

    It happened to me – and now these hackers are on my computer because I can hear it rev up when I get online and it's running hot – but I am still left wondering – WHAT do I do about it?

    • Hayley Kaplan says:

      Sorry to hear it happened to you and good question, Karen. There are many things you need to do. First, change your password for Gmail. Secondly, do not go to any banking accounts or do any online activity where you are in danger of hackers getting into your accounts. You should run full virus and anti-malware scans. Hopefully you have a backup of all of your important information. You can either set your computer back to factory condition (wipe your computer clean and lose everything on it), hire a professional to remove all infections (your virus protection company is a starting point but there are other companies that do virus removal too) or buy a new computer. Feel free to reach out to me privately via the contact form on my site if you want more guidance or have further questions. Wishing you success with this. Hayley

  2. Cathy B. says:

    Wow. Thanks so much for sharing your expertise, knowledge, and passion. I found one of my email addresses had been pwned by LinkedIn and by Adobe, but not pasted. I changed my LinkedIn password recently. I changed Adobe again today. This is great info and I will certainly share it. Bless you Hayley.

    • Hayley Kaplan says:

      Thanks for sharing this, Cathy. I had another reader reach out privately with his account logs that show someone else has been logging into his account and he had no idea this was happening until he read this article. So frustrating that cybercriminals are this crafty.

