New email scam targets Google users

A new phishing scam can display what looks like a Google sign-in page if users click on attachments. If they then log in to their Google account to view the file, the program sends account names and passwords to hackers.

The scam has specific relevance to the real estate industry. Since it gives hackers access to Gmail accounts, Realtors who use Gmail could have two people with complete access to their email for both sending and receiving – themselves and a hacker. These hackers often monitor correspondence between Realtors, title companies and buyers and, at the last minute, try to have the final check wired to their bank account.

How the scam works: A scammer will send an email to your Gmail account. The email likely will appear to come from one of your contacts and will ask you to look at an attached file, such as a PDF or Word document. It may appear legitimate because it seems to come from one of your actual contacts, but when you click on the attachment to preview it, a new tab opens and prompts you to sign in to your Google Gmail account.

If you do, the scammer now has access to your email account. What’s more, they can use one of your actual email attachments and subject lines to try to dupe someone else on your contact list too.

How can you spot the scam? Always check the browser bar before you log in. The Google sign-in page that users are directed to appears legit, with the same logo, text boxes, and tagline. But the address bar is the giveaway: The page is a data URI with the prefix “data:text/html.” It’s not a URL that begins “https://.”

Google also recently released a Chrome update, version 56.0.2924, to help spot such fake forms. With the update, if you view a data URL, the location bar will show “Not Secure” to help users spot phishing scams more easily. Users on laptop and desktop computers can often hover their cursor over the attachment to check its URL before clicking.
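The address check described above can also be applied to the links in a message before anyone clicks them. The following is an added example, not code from the cited sources: the function and class names are hypothetical, and the sample email body is constructed for illustration.

```python
from html.parser import HTMLParser

# Constructed sample email body (not taken from a real message).
SAMPLE_EMAIL_HTML = """
<a href="https://accounts.google.com/">Sign in</a>
<a href="  DATA:Text/HTML,constructed%20placeholder">contract.pdf</a>
<a href="data:image/png;base64,AAAA">logo</a>
<a href="http://example.com/listing">Listing</a>
"""

class LinkCollector(HTMLParser):
    """Collect the href target of every <a> tag in an HTML email body."""
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs.extend(v for k, v in attrs if k == "href" and v)

def classify_target(href):
    """Label a link target by the scheme a browser would act on."""
    # Browsers drop tabs and newlines, ignore surrounding whitespace and
    # match the scheme case-insensitively, so normalise before comparing.
    cleaned = "".join(ch for ch in href if ch not in "\t\r\n").strip()
    scheme, sep, rest = cleaned.partition(":")
    if not sep:
        return "other"
    scheme = scheme.lower()
    if scheme == "data":
        # The media type sits between "data:" and the first ";" or ",".
        media_type = rest.split(",", 1)[0].split(";", 1)[0].strip().lower()
        return "data-uri-html" if media_type == "text/html" else "data-uri-other"
    return "https" if scheme == "https" else "other"

def link_verdicts(body):
    """Return one verdict per link, in document order."""
    collector = LinkCollector()
    collector.feed(body)
    return [classify_target(h) for h in collector.hrefs]

def flagged_links(body):
    """Return the links that would open an HTML page from a data URI."""
    collector = LinkCollector()
    collector.feed(body)
    return [h.strip() for h in collector.hrefs
            if classify_target(h) == "data-uri-html"]

if __name__ == "__main__":
    print(link_verdicts(SAMPLE_EMAIL_HTML))
    print(flagged_links(SAMPLE_EMAIL_HTML))
```

Only the scheme at the very start of the target decides the verdict; any text that follows the "data:text/html" prefix is page content, not an address.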

Source: “Wide Impact: Highly Effective Gmail Phishing Technique Being Exploited,” WordFence (Feb. 24, 2017) and “Beware This Clever ‘Fake Attachment’ Gmail Phishing Scam,” Lifehacker.com (March 14, 2017)
© Copyright 2017 INFORMATION, INC. Bethesda, MD (301) 215-4688
