A new phishing scam can display what looks like a Google sign-in page when users click on an email attachment; anyone who signs in on that page hands their account name and password to the attacker.
Here’s how the latest scam works: A scammer sends an email to your Gmail account. The email will likely appear to come from one of your contacts and ask you to look at an attached file, such as a PDF or Word document. It may look legitimate because it seems to come from someone you know, but when you click the attachment to preview it, a new tab opens and prompts you to sign in to your Gmail account.
If you do, the scammer now has access to your account. What’s more, they can use one of your actual email attachments and subject lines to try to dupe someone else on your contact list too.
How can you spot the scam? Always check the browser’s address bar before you log in. The Google sign-in page users are directed to appears legitimate, with the same logo, text boxes, and tagline. But the address bar is the tell-all: The page is a data URI that begins with “data:text/html”, not a URL that begins with “https://”.
Google also has recently released a Chrome update to 56.0.2924 to help spot such fake forms. With the update, if you view a data URL, the location bar will show “Not Secure” to help users spot phishing scams more easily. Users on laptop and desktop computers can often hover their cursor over the attachment to check its URL before clicking.
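The address-bar check described above can be expressed as a small piece of code. The following is an added example written for this article, not code from Google, WordFence, or Lifehacker; it classifies the text shown in the address bar by its URL scheme, and treats a sign-in page as acceptable only when it is served over https from an expected host (the default host list, accounts.google.com, is an assumption of this example).

```javascript
// Added example (not part of the original article): classify the text shown
// in the browser's address bar before typing a password into a sign-in form.
// Returns one of: "https", "http", "data-uri", "other".
function classifyAddressBar(addressBarText) {
  // Trim surrounding whitespace so padding cannot hide the scheme at the start.
  const text = String(addressBarText).trim();
  let parsed;
  try {
    parsed = new URL(text); // WHATWG URL parser; throws on non-URL input
  } catch (e) {
    return "other"; // not a parseable URL at all
  }
  switch (parsed.protocol) {
    case "https:": return "https";
    case "http:":  return "http";
    case "data:":  return "data-uri"; // the "data:text/html" pages the scam uses
    default:       return "other";
  }
}

// Only an https page on an expected sign-in host passes. The default host list
// is an assumption for this example; adjust it to the service you are checking.
function isSafeToSignIn(addressBarText, expectedHosts = ["accounts.google.com"]) {
  if (classifyAddressBar(addressBarText) !== "https") {
    return false;
  }
  const host = new URL(String(addressBarText).trim()).hostname;
  return expectedHosts.includes(host);
}

// Constructed sample address-bar values, modelled on the article's description.
const samples = [
  "https://accounts.google.com/signin",
  "data:text/html,<html><body>fake sign-in form</body></html>",
  "   data:text/html,<html><body>padded fake form</body></html>",
  "http://accounts.google.com/signin",
];
for (const s of samples) {
  console.log(JSON.stringify(s), "->", classifyAddressBar(s), "safe:", isSafeToSignIn(s));
}
```

Any value other than "https" on an expected host is a reason not to enter credentials; the data URI case is exactly what Chrome 56.0.2924 now flags as “Not Secure”.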
Source: “Wide Impact: Highly Effective Gmail Phishing Technique Being Exploited,” WordFence (Feb. 24, 2017) and “Beware This Clever ‘Fake Attachment’ Gmail Phishing Scam,” Lifehacker.com (March 14, 2017)