March 17, 2017, updated 20 Mar 2017 4:46pm

New Gmail Phishing scam trawling for unsuspecting users

This new technique is more formidable than the usual phishing attack.

By Tom Ball

Gmail users are being threatened with the theft of their personal information by a new phishing scam.

The phishing scam has been active since at least January, when Wordfence issued the first warning that it was active.

Despite having been discovered some time ago, the technique has become well known due to increasing reports. According to a range of reports, the new technique is a notch above the typical phishing attack that most will be able to spot immediately.

Following this warning, Google set about introducing a line of defence by having the Chrome browser make users aware when the phishing attempt is present.

Although the technique is not limited to the hunting ground of Gmail, Gmail has generated the most significant body of reports so far. The fraudulent email will apparently contain an embedded image that adds greatly to the air of legitimacy, and it will often be sent from a familiar individual’s account that has already been compromised.

A phishing attempt is usually made by an attacker sending out emails while trying to appear as someone known to the user, or as a reputable business, so as to encourage trust and ultimately persuade the user to follow a link or open an attachment.


If the unsuspecting user takes the next step and opens the contents of the fraudulent email, they are often presented with a highly realistic-looking login page that will harvest the victim’s username and password if they are typed in.


This is the case with the new phishing scam: it is said that once the user signs in to the fake page when prompted, the hacker will have complete control of the account.

Patrick Wheeler, director of Threat Intelligence for Proofpoint, said: “Credential phishing campaigns targeting Google account users are among the most common phishing attacks we observe. The use of data URLs to hide phishing attacks is also fairly common, although embedding white space in the URL is a clever trick to further obscure the true nature of the attack. That said, recent changes in both Chrome and Firefox have mitigated the potential effectiveness of this particular technique.”
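A mail filter can check for the two traits Wheeler describes, a data URL used as a link target and a long run of white space inside it. The Python below is an added example, not code from the article, Proofpoint or Google; the function names, the 20-character threshold and the sample message are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import unquote

WS_RUN = 20  # assumed threshold: no legitimate link needs this much padding

class LinkCollector(HTMLParser):
    """Collect href targets of <a> tags from an HTML mail body."""
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def inspect_link(url):
    """Return the list of findings for one link target (empty if clean)."""
    findings = []
    decoded = unquote(url)  # padding may be percent-encoded (%20)
    # Browsers ignore leading spaces and embedded tabs/newlines in a URL,
    # so normalise the same way before reading the scheme.
    compact = re.sub(r"[\t\r\n]", "", decoded).lstrip()
    if compact[:5].lower() == "data:":
        findings.append("data-url")
        media_type = compact[5:].split(",", 1)[0].split(";")[0].strip().lower()
        if media_type == "text/html":
            findings.append("html-payload")
    if re.search(r"\s{%d,}" % WS_RUN, decoded):
        findings.append("whitespace-padding")
    return findings

def scan_html(body):
    """Return (href preview, findings) for every suspicious link in body."""
    parser = LinkCollector()
    parser.feed(body)
    parser.close()
    report = []
    for href in parser.hrefs:
        findings = inspect_link(href)
        if findings:
            report.append((href[:60], findings))
    return report

# Constructed sample: one ordinary link, one padded data: URL with inert content.
SAMPLE = (
    '<a href="https://mail.example.com/inbox">Inbox</a>'
    '<a href="data:text/html,https://accounts.example.com/login'
    + "%20" * 40 + 'constructed-inert-text">Attachment.pdf</a>'
)
```

Only link targets are inspected, so an inline image carried as a data URL in an `img` tag is not flagged.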

Like ransomware, phishing is a relatively simple tactic that has become more formidable in recent times. With access to an individual’s information so easy via social media, a hacker can practically profile their target, giving the simple attack a sharp, psychological edge.
