Trustaira Blog
January 18, 2017        Trustaira Staff

Lately, a new phishing campaign has been under way that specifically targets Gmail users. The cyber criminals behind it have become so sophisticated that the attack is good enough to fool even the most tech-savvy people. It is not a new threat; it has been going on for over a year, but in recent weeks its activity has increased rapidly.

I will try to give a quick summary of the nature of this phishing attack. You receive an email from someone who is on your contact list (whose account has already been compromised, probably without them even knowing it). It may contain an attachment, most probably an image that is already familiar to you. When you click the image to view it again, instead of showing you a preview, it opens a new tab that looks like a Google account sign-in page (a FAKE one!). This is where it becomes very difficult to tell that it is not a genuine Google site, because you will see accounts.google.com in the address bar.

There are ways to find out that it is actually a fake page and that, when you enter your credentials, the hackers will access/steal your account immediately. But to keep it short, I will show the easiest way to tell which sign-in page is fake and which one is not.

See these images below.

Original Google sign-in page

Genuine Google Accounts Login Page

Fake sign-in page that the hacker uses to steal your credentials

Notice the difference. Avoid the fake page when you see it, and inform the original owner of that email address that his/her account security has been compromised (not over email, of course!).
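Seeing accounts.google.com somewhere in the address bar proves nothing by itself; what matters is the scheme and the exact host. The check below is an added example, not code from the original post: the address strings are constructed samples (they are not taken from the screenshots), and the function names `naiveLooksGenuine`, `classifyAddress` and `misleadingSamples` are hypothetical.

```javascript
// Added example. All address strings below are constructed samples.
const EXPECTED_ORIGIN = "https://accounts.google.com";

// Naive check: what a hurried reader does, looks for the familiar name.
function naiveLooksGenuine(address) {
  return address.includes("accounts.google.com");
}

// Strict check: parse the address and compare scheme + host exactly.
function classifyAddress(address) {
  let url;
  try {
    url = new URL(address.trim());
  } catch (err) {
    return { genuine: false, reason: "not a parseable absolute URL" };
  }
  if (url.protocol !== "https:") {
    return { genuine: false, reason: "scheme is " + url.protocol + ", not https:" };
  }
  if (url.username || url.password) {
    return { genuine: false, reason: "text before @ is not the host" };
  }
  if (url.origin !== EXPECTED_ORIGIN) {
    return { genuine: false, reason: "real host is " + url.hostname };
  }
  return { genuine: true, reason: "origin matches exactly" };
}

// Addresses that pass the naive check but fail the strict one.
function misleadingSamples(addresses) {
  return addresses.filter((a) => naiveLooksGenuine(a) && !classifyAddress(a).genuine);
}

const SAMPLES = [
  "https://accounts.google.com/ServiceLogin",
  "data:text/html,https://accounts.google.com/ServiceLogin",
  "https://accounts.google.com.example.test/ServiceLogin",
  "https://accounts.google.com@example.test/ServiceLogin",
];

for (const a of SAMPLES) {
  const r = classifyAddress(a);
  console.log((r.genuine ? "GENUINE " : "REJECT  ") + a + "  (" + r.reason + ")");
}
```

All four samples contain the familiar name, but only the first has the genuine origin.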

That’s it for today.

Stay alert, stay safe and, most importantly, spread the word by sharing it.