A new Gmail phishing attack is faking the login screen, and the one in question is polished and convincing enough to trick even some knowledgeable and tech-inclined users to give up their details, despite it being rather simple in execution. The attack presents a user with a fake Google login when they click on an attachment, which can be from a familiar face if their account has been compromised through this hack, and gives almost all of the hallmarks of the real sign in page for Google Services. The attack can be prevented by looking at the top URL bar.
A user has to take a close look at the URL bar to see that something is amiss; Google’s usual lock icon is missing in Chrome, and in all browsers, users will notice that the URL does not begin with HTTP or HTTPS, and has a strange chunk of code to the far right that actually calls a program to deliver victim’s credentials to the attacker. Once the attacker has a victim’s login, they log into the account quite quickly, find an attachment that will work, then send out messages to a large number of your contacts containing the attack, along with a fairly innocuous subject line that pertains to the attachment. From there, they can get into almost any service that a user has their Gmail linked to for password recovery, from online games to social networks and even work-related services.
According to a statement from Google, a phishing attack of this nature cannot be stopped on their end. This is simply because they cannot develop an algorithm capable of analyzing every single email message that goes in and out of their service deeply enough to find such attacks. In order for the screening process to single out messages with a higher likelihood of containing attacks, they would have to devote more compute power than they’re willing to devote to the issue. The only remedy they offer is the one that’s already built into Chrome and other browsers; the URL bar. In Chrome, the lack of a lock and other indications of a secure page would give away a threat. In other browsers, as with Chrome, it is vital to pay close attention to the URL of any page where you input important credentials. If you suspect you have been hit with the hack, you can go to the bottom right of your Gmail window and click on Details to see if there have been any strange logins. If there is any doubt, it may be best to simply change your password.