A new Gmail-targeting phishing attack is fooling account owners into giving malicious hackers access to their Gmail accounts.
The attack works with hackers sending emails to contacts of compromised accounts, as described by prominent WordPress plugin developer Wordfence.
“There is a highly effective phishing technique stealing login credentials that is having a wide impact, even on experienced technical users,” reads the alert and advisory on Wordfence.
The attack sees hackers targeting Gmail accounts with an email, stemming from an already compromised account. Typically, the email comes from a contact already known by the target and may include an image that looks like an attachment that a target can typically recognize or associate from the sender. Clicking on the image ought to open a preview of the attachment. However, a new tab opens instead, prompting the target to sign in again.
The cloak URL contains ‘accounts.google.com’ and looks plenty convincing, even to wary users.
One commenter, a Sysadmin at a school revealed on HackerNews, described it as “the most sophisticated attack I’ve seen.”
The commenter wrote:
Sysadmin at a school: we use GMail for our students and faculty, and we got hit by this hard right before the holiday break. Three employees and a handful of students all got hit by the attack within a two-hour period. It’s the most sophisticated attack I’ve seen. The attackers log in to your account immediately once they get the credentials, and they use one of your actual attachments, along with one of your actual subject lines, and send it to people in your contact list.
The attackers’ efficiency shows in the way that they quickly sign in to a compromised account before proceeding to download all sent emails toward contacts, combing for further information.
In order to avoid the attack, keep an eye on the URL and check to see if there is a script tucked away toward the end of the URL bar. Further, two-factor authentication is strongly recommended, making the process of a compromise much harder for an attacker.
Image credit: Pixabay.