Fresh Phishing Attack Targeting Gmail Users

One fresh phishing scam is attacking users of Gmail. The scam is so crafty that it even duped technical specialists into divulging the credentials of their Gmail accounts. The phishing electronic mail characteristically arrives from the e-mail ids of the contacts of the victim. First the mentioned contacts are hijacked and then used to dispatch the phishing e-mail. Wordfence CEO Mark Maunder for WordPress detected the latest phishing tactic.

As Maunder explains immediately when the credentials are divulged, the hackers use them to log into the victim's account while utilizing one of his subject lines and one of his attachments followed with dispatching them to friends in his address book. Indian Express posted this, January 19, 2017.

No sooner does the victim give away his password, the attackers use it to gain admission into his Gmail account. From there they begin garnering information for carrying out secondary assaults. For that they find out the attachment which was earlier sent from the victim's account to his friends listed in his address book along with an associated subject-line that was used in an e-mail by the victim.

Inside the phishing e-mail, there's stuff which looks like the attachment's image that if clicked for viewing a review, however, shows one fresh tab asking the user to again log into his Google mail ID. For the more careful user who may hurriedly look inside the address bar of the website, he would observe the text -'data:text/html' in front of the usual service login of Gmail.

The majority of people who actually hurriedly look inside the address bar and believe the login is genuine will get ensnared with the phishing scheme. As the link opens, the crooks begin garnering contact e-mail ids. The same contacts now are fresh targets thus the attack spreads.

And because people don't think that co-workers or friends will send them phishing e-mails they easily get ensnared. Logging into any user's A/C given the revelation of the password on a phony login page happens immediately. This gives the attackers full admission into that user's e-mails while they're able to garner all personal details to execute secondary assaults.

» SPAMfighter News - 1/24/2017