January 18, 2017 by

Cunning Gmail Phishing Attack is Even Tricking Savvy Users

A new Gmail-targeting phishing attack is fooling account owners into giving malicious hackers access to their Gmail accounts.

The attack works with hackers sending emails to contacts of compromised accounts, as described by prominent WordPress plugin developer Wordfence.

“There is a highly effective phishing technique stealing login credentials that is having a wide impact, even on experienced technical users,” reads the alert and advisory on Wordfence.

The attack sees hackers targeting Gmail accounts with an email, stemming from an already compromised account. Typically, the email comes from a contact already known by the target and may include an image that looks like an attachment that a target can typically recognize or associate from the sender. Clicking on the image ought to open a preview of the attachment. However, a new tab opens instead, prompting the target to sign in again.

The cloak URL contains ‘accounts.google.com’ and looks plenty convincing, even to wary users.

Credit: Wordfence.

One commenter, a Sysadmin at a school revealed on HackerNews, described it as “the most sophisticated attack I’ve seen.”

The commenter wrote:

Sysadmin at a school: we use GMail for our students and faculty, and we got hit by this hard right before the holiday break. Three employees and a handful of students all got hit by the attack within a two-hour period. It’s the most sophisticated attack I’ve seen. The attackers log in to your account immediately once they get the credentials, and they use one of your actual attachments, along with one of your actual subject lines, and send it to people in your contact list.

The attackers’ efficiency shows in the way that they quickly sign in to a compromised account before proceeding to download all sent emails toward contacts, combing for further information.

In order to avoid the attack, keep an eye on the URL and check to see if there is a script tucked away toward the end of the URL bar. Further, two-factor authentication is strongly recommended, making the process of a compromise much harder for an attacker.

Image credit: Pixabay.

About the author

Image of Author

LIFARS is the global leader in Digital Forensics and Cyber Resiliency Services. Our experience spans two decades working on high profile events, often in concert with Law Enforcement Agencies around the world. Our proprietary methodology derives directly and indirectly from our experience working with and for U.S. Intelligence Agencies, Interpol, Europol, and NATO. We are solely dedicated to Cyber Resiliency and thus pay close attention to all aspects of our clients’ engagements experience while providing a strategic and integrated array of services to minimum risk and disruption while protecting your brand.

Related articles

Snapchat Phishing Attack Swipes Credentials of Over 50,000 USers

Details have emerged on a phishing attack which saw hackers steal the credentials of over 50,000...

Read more arrow_forward

Google Research: Phishing Poses the Greatest Cybersecurity Threat

A new study by Google has revealed insights to better explain how emails and other accounts are...

Read more arrow_forward

Hackers Find a New Way to Attack Nuclear Plants: Template Injection

Hackers have leveraged phishing, a long successful method to execute cyberattacks, with a template...

Read more arrow_forward