New Gmail Phishing scam trawling for unsuspecting users

Gmail users are being threatened with the theft of their personal information by a new phishing scam.

The phishing scam has been active since at least January, when Wordfence issued the first warning that it was active.

Despite having been discovered some time ago, the technique has become well known due to increasing reports. According to a range of reports, the new technique is a notch above the typical phishing attack that most will be able to spot immediately.

Following this warning, Google set about trying to introduce a line of defence by having the Chrome browser make users aware when the phishing attempt is present.

Although the technique is not limited to the hunting ground of Gmail, it has generated the most significant body of reports so far. The fraudulent email will apparently contain an embedded image that adds greatly to the air of legitimacy, and it will often be sent from a familiar individual’s account that has already been compromised.


A phishing attempt is usually made by an attacker sending out emails while posing as someone known to the user, or as a reputable business, so as to encourage trust and ultimately get the user to follow a link or open an attachment.

If the unsuspecting user takes the next step and opens the contents of the fraudulent email, they are often presented with a highly realistic-looking login page that will harvest the victim’s username and password if typed in.

This is the case with the new phishing scam: it is said that once the victim signs in to the fake page when prompted, the hacker will have complete control of the account.

Patrick Wheeler, director of Threat Intelligence for Proofpoint, said: “Credential phishing campaigns targeting Google account users are among the most common phishing attacks we observe. The use of data URLs to hide phishing attacks is also fairly common, although embedding white space in the URL is a clever trick to further obscure the true nature of the attack. That said, recent changes in both Chrome and Firefox have mitigated the potential effectiveness of this particular technique.”
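
As an added example (not from the article or from Proofpoint), this Python check shows how a mail or proxy filter could flag links that use a data URL padded with white space, the pattern described above. The threshold, the finding names and the sample links are assumptions constructed for illustration.

```python
import base64
import binascii
import re
from urllib.parse import unquote

# Assumed threshold: a whitespace run this long can push later content out of
# the visible part of an address bar. Tune it for your own environment.
MIN_WS_RUN = 20

DATA_URL = re.compile(r"^\s*data:(?P<meta>[^,]*),(?P<body>.*)$", re.I | re.S)
WS_RUN = re.compile(r"\s{%d,}" % MIN_WS_RUN)


def inspect_link(url):
    """Return findings for one link target; an empty list means not flagged."""
    match = DATA_URL.match(url)
    if not match:
        return []
    findings = ["data-url"]
    params = [p.strip().lower() for p in match.group("meta").split(";")]
    body = unquote(match.group("body"))  # turns %20 and similar into real characters
    if "base64" in params[1:]:
        try:
            body = base64.b64decode(body).decode("latin-1")
        except (binascii.Error, ValueError):
            findings.append("undecodable-base64")
            body = ""
    # Only HTML documents render a page the user could mistake for a login form.
    if params[0] == "text/html":
        findings.append("renders-html")
    run = WS_RUN.search(body)
    # Padding matters only when something follows it, i.e. content is hidden.
    if run and body[run.end():].strip():
        findings.append("content-hidden-after-whitespace")
    return findings


# Constructed samples, not taken from any real campaign.
SAMPLE_PLAIN = "https://mail.example.com/inbox"
SAMPLE_IMAGE = "data:image/png;base64,iVBORw0KGgo="
SAMPLE_PADDED = "data:text/html,Sign in" + "%20" * 60 + "<p>placeholder</p>"

if __name__ == "__main__":
    for link in (SAMPLE_PLAIN, SAMPLE_IMAGE, SAMPLE_PADDED):
        print(inspect_link(link), link[:40])
```
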

Like ransomware, phishing is a relatively simple tactic that has become more formidable in recent times. With access to an individual’s information so easy via social media, a hacker can practically profile their target, giving the simple attack a sharp, psychological edge.
This article is from the CBROnline archive: some formatting and images may not be present.