Even tech-savvy Gmail users are falling victim to hackers who steal their login credentials, according to a security expert, who notes that increasingly sophisticated phishing techniques are being employed. How does it work?
The hacker will first send you an email, which includes an attachment, according to Mark Maunder, the CEO of WordPress security plugin Wordfence.
When you click on the attachment to preview it, a new tab opens on what looks like a Gmail login page. However, it isn’t genuine. If you enter your email address and password there, the attackers have your credentials and full access to your mailbox.
But why would I open the email from a random person in the first place?
Because the email is crafted to look as if it comes from one of your contacts, typically someone whose own account the attackers have already compromised. Sending from that compromised account is what makes the message look trustworthy at a glance.
The subject line and attachment name may look familiar: the attackers reuse a subject line your contact has used before and give the attachment a plausible name.
Once the attackers have access to your mailbox, they mine it for further targets and send the same phishing email to them, so the attack spreads from account to account.
Won’t I know something fishy is going on when I’m asked to log in again?
Not necessarily, because the fake login page has been built to look convincing, right down to the address bar.
When you open the attachment and a new tab pops open, the URL will look something like: data:text/html,https://accounts.google.com/ServiceLogin? The data: prefix means the browser is rendering a page embedded in the URL itself, not one fetched from Google; the familiar-looking https://accounts.google.com text is simply the first part of that embedded content, placed there to be seen.
That is only a few characters away from the genuine Gmail login address: https://accounts.google.com/ServiceLogin?
And the login box, where you enter your email and password, looks like the real one.
How long has this phishing technique been going on for?
It’s been gaining popularity over the last year.
Surely if you’re tech savvy, you’re safe?
Sadly not. Even “experienced technical users” have fallen victim to the attack, says Mr Maunder.
So how do I stay safe?
There are some checks you can do before typing in your login details. First, look at the address bar: if the URL begins with data:text, you are not on Google’s site at all.
Second, if you widen the address bar, you will see a lot of blank space that was not visible at first. After the blank space comes the file that actually opens in the new tab, says Mr Maunder.
Also check that the browser shows the connection as secure. For a real login page the address begins with https:// and the browser shows a padlock (in some browsers, a green one) next to it; a data: URL is never given a padlock, because nothing was fetched from a server.
You can also enable two-factor authentication (2FA) on your Google account. On top of the username and password, signing in then requires a second piece of information, so a stolen password alone is not enough. Bear in mind that a one-time code typed into a phishing page can be relayed by the attacker in real time; a hardware security key, which checks the site’s origin itself, is the strongest option.
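The two address-bar checks above (the data:text prefix, and the blank space that hides the real content) can be automated. The following is an added example, not code from the article or from Wordfence: a small Node.js inspector that classifies what an address bar string really points to, measures the whitespace padding in a data: URL decoy, and decides whether credentials may be typed there. The sample URLs, the 200-character padding, the placeholder HTML, the lookalike host and the user@host form are all constructed for illustration; the last two go beyond the article’s single case to show that a host check must look at the parsed hostname, not at the start of the string.

```javascript
// Added example (not from the article or Wordfence): inspect what an address-bar
// string really points to, to tell a data: URL decoy from a real https login page.
// Runs in Node.js; every sample URL below is constructed for illustration.

const LOGIN_HOST = "accounts.google.com"; // the host a genuine Gmail login page is served from

// Break a URL down into the facts that matter before typing a password into it.
function inspectAddressBar(url) {
  const info = { scheme: null, host: null, decoyHost: null, paddingChars: 0, hiddenPayload: "", verdict: "" };
  const m = /^([a-z][a-z0-9+.-]*):/i.exec(url.trim());
  if (!m) { info.verdict = "not an absolute URL"; return info; }
  info.scheme = m[1].toLowerCase();

  if (info.scheme === "data") {
    // data:[<mediatype>][;base64],<data>  -- the browser renders <data> itself; no server is contacted.
    const comma = url.indexOf(",");
    const body = comma === -1 ? "" : url.slice(comma + 1);
    // A decoy is a real-looking https address placed at the very start of <data>,
    // so that it is all a narrow address bar shows.
    const decoy = /^https?:\/\/([^\/?#\s]+)/i.exec(body);
    if (decoy) {
      info.decoyHost = decoy[1].toLowerCase();
      const rest = body.slice(decoy[0].length);
      const pad = /^\S*(\s*)/.exec(rest);      // decoy path, then the run of whitespace
      info.paddingChars = pad[1].length;
      info.hiddenPayload = rest.slice(pad[0].length); // what the tab actually renders
    } else {
      info.hiddenPayload = body;
    }
    info.verdict = "data: URL; the page is embedded in the address itself" +
      (info.decoyHost ? `, disguised as ${info.decoyHost} behind ${info.paddingChars} whitespace characters` : "");
    return info;
  }

  try {
    // URL handles userinfo (user@host), ports and IDNs correctly; a hand-written regex often does not.
    info.host = new URL(url).hostname.toLowerCase();
  } catch (e) {
    info.verdict = "unparseable URL";
    return info;
  }
  info.verdict = info.scheme === "https"
    ? `https to ${info.host}`
    : `${info.scheme} to ${info.host}; no padlock possible`;
  return info;
}

// The decision a user (or a browser extension) should reach before submitting credentials.
function safeToTypeCredentials(url) {
  const info = inspectAddressBar(url);
  return info.scheme === "https" && info.host === LOGIN_HOST;
}

// Constructed samples: the decoy shape the article describes, plus genuine and lookalike addresses.
const SAMPLE_DECOY =
  "data:text/html,https://accounts.google.com/ServiceLogin?" +
  " ".repeat(200) +                                   // pushes the real content out of view
  "<html><body><!-- a copied login form would go here --></body></html>";
const SAMPLE_REAL = "https://accounts.google.com/ServiceLogin?service=mail";
const SAMPLE_LOOKALIKE = "https://accounts.google.com.evil.example/ServiceLogin"; // hypothetical host
const SAMPLE_USERINFO = "https://accounts.google.com@evil.example/ServiceLogin";  // hypothetical host

// One line per URL: OK/STOP plus the reason.
function report(urls) {
  return urls.map((u) => `${safeToTypeCredentials(u) ? "OK  " : "STOP"} ${inspectAddressBar(u).verdict}`);
}

console.log(report([SAMPLE_DECOY, SAMPLE_REAL, SAMPLE_LOOKALIKE, SAMPLE_USERINFO]).join("\n"));
```

Only SAMPLE_REAL passes. The decoy is rejected on its scheme before any host comparison is made, and the two hypothetical hosts are rejected because the parsed hostname (not the text at the front of the URL) is what gets compared with accounts.google.com.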
What if my account has already been hacked?
Change your password straight away. Gmail also lets you review recent sign-in activity (the “Last account activity” link at the bottom of the inbox), so you can look for logins from unfamiliar locations or devices and sign out of all other sessions. It is also worth checking for mail forwarding settings or filters you did not create, since an attacker who has had access may have added some to keep a copy of your mail.
Mr Maunder also recommends using a breach-notification service run by a security researcher, which can tell you whether your email address has appeared in known data leaks, but adds: “There is no sure way to check if your account has been compromised.”
When approached for comment, Google pointed to its “Prevent & report phishing attacks” help page.
“We advise people to be careful anytime you receive a message from a site asking for personal information. If you get this type of message, don’t provide the information requested without confirming that the site is legitimate. If possible, open the site in another window instead of clicking the link in your email.
“You can report suspicious messages directly to us. Google will never send unsolicited messages asking for your password or other personal information.”