Attention: Gmail Phishing Technique Being Exploited

This is a summary of a longer article by Mark Maunder on the Wordfence site about a phishing technique targeting Gmail and other services. This is something we should all be aware of.

It goes like this:

  1. An attacker will send an email to your Gmail account. That email may come from someone you know who has had their account hacked using this technique. It may also include something that looks like an image of an attachment you recognize from the sender.
  2. You click on the image, expecting Gmail to give you a preview of the attachment. Instead, a new tab opens up and you are prompted by Gmail to sign in again. When you look at the address bar you see this: [image: 217-01-15 dataURI]
  3. Once you complete sign-in on that page, your account has been compromised.

Now that they have access to your account, the attacker has full access to all your emails, both sent and received, and may download the whole lot.

Once they control your email address, they could also compromise a wide variety of other services that you use by using the password reset mechanism, including other email accounts, any SaaS services you use (for example Twitter, Facebook, Flickr and so on) and much more.

This technique is not limited to Gmail: with many variations on the basic technique, it can be used to steal credentials from many other platforms.

How to protect yourself against it

When you sign in to any service, check the browser location bar and verify the protocol, then verify the hostname. It should look like this in Chrome when signing into Gmail or Google:

[image: 2017-01-15 gmail sign in page]

Make sure there is nothing before the hostname ‘’ other than ‘https://’ and the lock symbol. You should also take special note of the green color and lock symbol that appear on the left. If you can’t verify the protocol and the hostname, stop and consider what you just clicked on to get to that sign-in page.
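
The protocol-then-hostname check described above, written out as code. This is an added example, not part of the original article; the expected hostname `accounts.example.com` and every sample address are constructed placeholders, and it goes slightly beyond the text by also rejecting lookalike hostnames.

```javascript
// Added example: checks an address-bar string in the order the text gives:
// protocol first, then "nothing before the hostname", then the hostname itself.
// EXPECTED_HOST and all sample addresses are constructed placeholders.
const EXPECTED_HOST = "accounts.example.com";

function checkSignInUrl(addressBar, expectedHost = EXPECTED_HOST) {
  let url;
  try {
    url = new URL(addressBar.trim()); // WHATWG parser, same rules browsers use
  } catch {
    return { ok: false, reason: "not a parseable absolute URL" };
  }
  // 1. Verify the protocol. A data: URI fails here even when the text after
  //    "data:..." contains something that looks like an https address.
  if (url.protocol !== "https:") {
    return { ok: false, reason: `protocol is ${url.protocol}, not https:` };
  }
  // 2. Nothing may sit between "https://" and the hostname (user@host form).
  if (url.username !== "" || url.password !== "") {
    return { ok: false, reason: "userinfo placed before the hostname" };
  }
  // 3. Verify the hostname by exact match, never by prefix or substring.
  if (url.hostname !== expectedHost) {
    return { ok: false, reason: `hostname is ${url.hostname}` };
  }
  return { ok: true, reason: "https and expected hostname" };
}

// Constructed sample address-bar contents.
const SAMPLES = [
  "https://accounts.example.com/signin",
  "data:text/html,https://accounts.example.com/signin",
  "http://accounts.example.com/signin",
  "https://accounts.example.com@login.example.net/signin",
  "https://accounts.example.com.login.example.net/signin",
];

for (const s of SAMPLES) {
  const r = checkSignInUrl(s);
  console.log(`${r.ok ? "OK    " : "REJECT"} ${s}  (${r.reason})`);
}
```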

Enable two-factor authentication on every service that you use where it is available. Gmail calls this “2-step verification”.

Enabling two-factor authentication makes it much more difficult for an attacker to sign into a service that you use, even if they manage to steal your password using this technique.

If in doubt that your account has been compromised, change your password immediately. Changing your password every few months is good practice in general.

How to check if your account is already compromised

If you use Gmail, you can check your login activity to find out if someone else is signing into your account. If you see active logins from unknown sources, you can force close them. If you see any logins in your history from places you don’t know, you may have been hacked.

There is a site run by Troy Hunt (a well-known security researcher) where you can check if any of your email accounts have been part of a data leak. Simply enter your email address and hit the button.

Now you know, so spread the word!

If you are interested in what Google thinks about it and want more details, I recommend reading the full-length original article; the link is below.

