Phishing attacks, in which hackers try to trick you into sharing personal information for their ulterior motives, are common in the online world.
While it's not that difficult to spot an email, ad or web page specially designed to gain access to your personal information, hackers sometimes adopt sophisticated techniques that trick even the most tech-savvy audience.
That said, a new phishing scam is spreading online which, according to security experts, is highly effective, and even experienced, tech-savvy users need to be aware of it.
It starts with a regular email that appears to be a message from one of your contacts who has already been affected by it. As mentioned by refinery29.com, the email looks like it contains an attachment; however, the image preview for the attachment appears to be slightly fuzzy, as described by Twitter user Tom Scott.
This is because the attachment isn't actually an attachment, but just an image designed to look like one.
Things start going south when you click on the attachment, which redirects you to a page with a prompt asking you to sign in to your Gmail account again.
The page looks exactly like a standard Google sign-in page, and if you log in there, your account's safety will be compromised. Afterwards, the hackers can read and download all of your email and can also send similar phishing emails to your contacts.
Darkreading.com reports that the fake login page designed to gain access to your account is actually an inline file created using the data URI scheme. The page transfers data to the attacker instantly when a user enters their Gmail username and password on the page.
It seems that either the process of sending your account details is automated or the hacking group has deployed a team to cause further damage.
Whatever it is, Gmail users really need to be careful this time and make a point of verifying both the protocol and the hostname in the address bar of the Chrome browser when signing in to a website.
Here are some steps that you can follow to protect your account from this deadly phishing attack:
The first and foremost step is not to click links in emails that you find suspicious. Providing personal information in response to such emails can compromise your account information.
Especially for the above-mentioned phishing attack, look for the words 'data:text/html' at the beginning of the URL. If you find them, immediately close the tab and delete the email.
A report also mentions that the usual green and red indicators that inform you about the nature of a website are not present in this case, so be extra careful.
Enable two-step verification for your Gmail account by following these steps by Google.
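
The protocol-and-hostname check and the data URI check described above, written out as code. This is an added example, not taken from the article or the reports it cites; the expected hostname accounts.google.com and every sample URL are assumptions constructed for illustration.

```javascript
// Added example: decide whether the text in the address bar belongs to the
// expected sign-in page. EXPECTED_HOST is an assumption for illustration.
const EXPECTED_HOST = "accounts.google.com";

function checkSignInUrl(addressBarText) {
  let url;
  try {
    // Parse the string as a browser would; never search it for a substring.
    url = new URL(addressBarText.trim());
  } catch (err) {
    return { ok: false, reason: "not a parseable absolute URL" };
  }
  // A data: URI carries the page inline, so there is no host to trust,
  // even if a familiar hostname appears somewhere in its text.
  if (url.protocol === "data:") {
    return { ok: false, reason: "data: URI, inline content with no host" };
  }
  if (url.protocol !== "https:") {
    return { ok: false, reason: "protocol is " + url.protocol + " not https:" };
  }
  // Exact match only: a lookalike that merely starts with or contains
  // the expected name is a different host.
  if (url.hostname !== EXPECTED_HOST) {
    return { ok: false, reason: "hostname is " + url.hostname };
  }
  return { ok: true, reason: "https: and expected hostname" };
}

// Constructed sample inputs (not taken from any real campaign).
const SAMPLES = [
  "https://accounts.google.com/signin",
  "data:text/html,https://accounts.google.com/signin",
  "http://accounts.google.com/signin",
  "https://accounts.google.com.login.example/signin",
  "https://accounts.google.com@login.example/signin",
];

for (const sample of SAMPLES) {
  const result = checkSignInUrl(sample);
  console.log((result.ok ? "OK    " : "REJECT") + " " + sample + " (" + result.reason + ")");
}
```

Only the first sample passes; the second shows why looking for a familiar hostname anywhere in the address bar is not enough.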