Latest Gmail Phishing Scam Is Very Convincing
A new Gmail-based phishing scam is tricking even the most tech-savvy users into revealing their usernames and passwords to cybercriminals. Phishing is an attempt to acquire sensitive information, such as login credentials, by posing as a trustworthy entity such as a bank or service provider. In this case, the scam targets Gmail users and is one of the most convincing to be reported recently.
The phishing scam appears to work like this: you receive an email from one of your trusted Gmail contacts with an attachment that may look familiar to you, like a file you’ve previously exchanged or tickets to an event you’ve previously discussed. This is not, in fact, an attachment, but an image inside the email that looks exactly like a Gmail attachment.
This image is also a link, and when you click it, a new tab opens. The new tab looks exactly like a Google login page – the kind of login prompt you receive if you try to go from your Gmail to your Google Drive account, for example. The URL in the address bar even looks legitimate, but if you look closely you’ll see that there is irregular code inserted before and after the seemingly legitimate Google URL.
This code inserts a file in the web page. While the web page looks legitimate and the URL includes the official Google address, this is a fake login page, and once you provide your email address and password, the cybercriminals will have your account credentials.
One way to protect yourself is to vigilantly check the address bar in your browser: if you spot this code at the beginning of a seemingly legitimate URL, you may be on a phishing site. You can also enable 2-step verification to add a layer of security to your Gmail account. With 2-step verification, you sign in with your password and a second, temporary password that is sent to your phone. You can enable this Gmail security feature by going to the 2-Step Verification page.
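The address-bar check described above can be made mechanical: parse the address and compare its scheme and exact host, instead of looking for the Google address somewhere in the string. The following is an added example, not code from the original article; the trusted host `accounts.google.com`, the function name, and the sample addresses are assumptions constructed for illustration (the article does not spell out the exact prefix, so a non-https scheme stands in for it).

```javascript
// Added example: decide whether an address-bar string really points at the
// Google sign-in host. TRUSTED_HOST is an assumption made for this example.
const TRUSTED_HOST = "accounts.google.com";

function checkLoginAddress(address) {
  let url;
  try {
    url = new URL(address.trim());
  } catch {
    return { trusted: false, reason: "not a parseable URL" };
  }
  // Anything in front of the Google address changes the scheme: the browser
  // treats the text before the first ':' as the scheme, not as decoration.
  if (url.protocol !== "https:") {
    return { trusted: false, reason: `scheme is ${url.protocol}, not https:` };
  }
  // "user@host" syntax can put a familiar name before the real host.
  if (url.username || url.password) {
    return { trusted: false, reason: "credentials section precedes the real host" };
  }
  // Exact match only: a host that merely starts with the Google name fails.
  if (url.hostname !== TRUSTED_HOST) {
    return { trusted: false, reason: `host is ${url.hostname}` };
  }
  return { trusted: true, reason: "https scheme and exact host match" };
}

// Constructed sample addresses (not taken from the article).
const SAMPLES = [
  "https://accounts.google.com/ServiceLogin?service=mail",
  "data:text/html,https://accounts.google.com/ServiceLogin?service=mail",
  "https://accounts.google.com.signin.example/ServiceLogin",
  "https://accounts.google.com@signin.example/ServiceLogin",
];

// True for every sample that contains the Google address as plain text,
// which is why a substring check is not a usable test.
function containsGoogleAddress(address) {
  return address.includes("accounts.google.com");
}

for (const s of SAMPLES) {
  const r = checkLoginAddress(s);
  console.log(`${r.trusted ? "OK     " : "SUSPECT"} ${s} (${r.reason})`);
}
```

All four samples contain the official Google address as text, but only the first passes the scheme and host comparison.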