January 18, 2017 by

Cunning Gmail Phishing Attack is Even Tricking Savvy Users

A new Gmail-targeting phishing attack is fooling account owners into giving malicious hackers access to their Gmail accounts.

The attack works with hackers sending emails to contacts of compromised accounts, as described by prominent WordPress plugin developer Wordfence.

“There is a highly effective phishing technique stealing login credentials that is having a wide impact, even on experienced technical users,” reads the alert and advisory on Wordfence.

The attack sees hackers targeting Gmail accounts with an email, stemming from an already compromised account. Typically, the email comes from a contact already known by the target and may include an image that looks like an attachment that a target can typically recognize or associate from the sender. Clicking on the image ought to open a preview of the attachment. However, a new tab opens instead, prompting the target to sign in again.

The cloak URL contains ‘accounts.google.com’ and looks plenty convincing, even to wary users.

Credit: Wordfence.

One commenter, a Sysadmin at a school revealed on HackerNews, described it as “the most sophisticated attack I’ve seen.”

The commenter wrote:

Sysadmin at a school: we use GMail for our students and faculty, and we got hit by this hard right before the holiday break. Three employees and a handful of students all got hit by the attack within a two-hour period. It’s the most sophisticated attack I’ve seen. The attackers log in to your account immediately once they get the credentials, and they use one of your actual attachments, along with one of your actual subject lines, and send it to people in your contact list.

The attackers’ efficiency shows in the way that they quickly sign in to a compromised account before proceeding to download all sent emails toward contacts, combing for further information.

In order to avoid the attack, keep an eye on the URL and check to see if there is a script tucked away toward the end of the URL bar. Further, two-factor authentication is strongly recommended, making the process of a compromise much harder for an attacker.

Image credit: Pixabay.

About the author

Image of Author

LIFARS is a digital forensics and cybersecurity intelligence firm based in New York City. LIFARS is ranked as one of the top Digital Forensics and Cyber Investigations companies in 2016 and as one of the top cybersecurity companies in the New York metropolitan area for 2015 on the Cybersecurity 500 – a directory of the hottest and most innovative companies to watch in the cybersecurity industry.

Related articles

Google Research: Phishing Poses the Greatest Cybersecurity Threat

A new study by Google has revealed insights to better explain how emails and other accounts are...

Read more arrow_forward

Hackers Find a New Way to Attack Nuclear Plants: Template Injection

Hackers have leveraged phishing, a long successful method to execute cyberattacks, with a template...

Read more arrow_forward

Nearly 50% of Organizations are Victims of Ransomware Attacks

A new study has revealed that ransomware attacks targeting organizations continue to be one the...

Read more arrow_forward