LandzDown Forum

Security => Security Alerts & Briefings => Topic started by: Frands on January 17, 2017, 02:41:51 PM

Title: Gmail Phishing Technique Being Exploited!
Post by: Frands on January 17, 2017, 02:41:51 PM
Hi :)

There's some mishmash going on over at Gmail  >:( :

Quote:
A new highly effective phishing technique targeting Gmail and other services has been gaining popularity during the past year among attackers. Over the past few weeks there have been reports of experienced technical users being hit by this.

This attack is currently being used to target Gmail customers and is also targeting other services.

The way the attack works is that an attacker will send an email to your Gmail account. That email may come from someone you know who has had their account hacked using this technique. It may also include something that looks like an image of an attachment you recognize from the sender.

You click on the image, expecting Gmail to give you a preview of the attachment. Instead, a new tab opens up and you are prompted by Gmail to sign in again. You glance at the location bar and you see accounts.google.com in there. It looks like this…

(https://www.wordfence.com/wp-content/uploads/2017/01/gmail-data-URI-sign-in-page.png)

Quote:
Once you complete sign-in, your account has been compromised. A commenter on Hacker News describes in clear terms what they experienced over the holiday break once they signed in to the fake page:

“The attackers log in to your account immediately once they get the credentials, and they use one of your actual attachments, along with one of your actual subject lines, and send it to people in your contact list.

For example, they went into one student’s account, pulled an attachment with an athletic team practice schedule, generated the screenshot, and then paired that with a subject line that was tangentially related, and emailed it to the other members of the athletic team.”

Full story: https://www.wordfence.com/blog/2017/01/gmail-phishing-data-uri/

More: https://news.ycombinator.com/item?id=13373327

http://blog.greggman.com/blog/getting-phished/
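As an added example (not from the original post or the Wordfence article it quotes), a small Python check that classifies what a browser would actually load for a given location-bar string: a genuine https origin on accounts.google.com versus a data: URI that merely contains that host name in its body, which is the lookalike the linked article is about. The sample strings below are constructed for illustration.

```python
from urllib.parse import urlsplit

# Hosts a real Google sign-in page may live on. Assumption for this example:
# exact netloc match only, so userinfo tricks, ports and look-alike
# subdomains (accounts.google.com.example.net) never match.
GENUINE_SIGNIN_HOSTS = {"accounts.google.com"}


def classify_signin_url(url: str) -> str:
    """Return what the location-bar text really points at.

    'genuine'            https:// and the netloc is exactly a trusted host
    'data-uri-lookalike' a data: URI whose body contains the trusted host
                         name; the page is rendered from the URL itself, so
                         no request to accounts.google.com ever happens
    'untrusted'          anything else
    """
    parts = urlsplit(url.strip())
    scheme = parts.scheme.lower()
    if scheme == "https" and parts.netloc.lower() in GENUINE_SIGNIN_HOSTS:
        return "genuine"
    if scheme == "data":
        # urlsplit puts everything after 'data:' into .path, because a
        # data: URI has no authority (//host) component.
        body = parts.path.lower()
        if any(host in body for host in GENUINE_SIGNIN_HOSTS):
            return "data-uri-lookalike"
    return "untrusted"


# Constructed samples (not taken from a real campaign).
SAMPLE_LOCATION_BAR_TEXT = [
    "https://accounts.google.com/ServiceLogin?service=mail",
    "data:text/html,https://accounts.google.com/ServiceLogin?service=mail",
    "https://accounts.google.com.example.net/ServiceLogin",
    "http://accounts.google.com/ServiceLogin",
]


def triage(urls):
    """Map each candidate string to its verdict."""
    return {u: classify_signin_url(u) for u in urls}


if __name__ == "__main__":
    for url, verdict in triage(SAMPLE_LOCATION_BAR_TEXT).items():
        print(f"{verdict:20s} {url}")
```

The same rule is what a user should apply by eye: only the scheme and the host immediately after it matter, not whether a familiar name appears somewhere in the string.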

---