Gmail Phishing Scam Uncovered

A Gmail phishing scam has been discovered, and it’s affecting even technical computer users. According to TechCrunch, in February 2016, Google announced that it had reached “[..] more than 1 billion monthly active users” (Lardinois, 2016). Gmail provides webmail for thousands of businesses and countless individuals around the world. If you are a Gmail user, you’re going to want to read this! A new type of phishing attack is sending you emails that have an attachment that could compromise your entire Google account.

How it works

The attacker sends you an email disguised as coming from one of your contacts. This email contains an attachment, which appears to be a harmless PDF or other document format. At this point, nothing may seem out of the norm to a typical Gmail user.

However, the attachment is an embedded image disguised as another file type. When you download this image, it triggers a Google login page, identical to what you would normally see. This page looks something like this.

If you stay signed into Google, you may not see this sign-in screen very often, but it seems harmless enough to go ahead and enter the requested information, right? Well, doing so may result in your Gmail account and contacts being compromised by this phishing scam.

Avoiding the Scam

Fortunately, there is an easy way that Google Chrome users can assure themselves that they are not stumbling upon one of these malicious sign-in screens.  Look for the green padlock at the top of Google Chrome to ensure that you are on a secure site.

If you do not see this symbol, and the “Secure” message, do not enter your Google credentials. Navigate away from the site immediately. If you run into a non-secure Google login page, it is recommended that you completely close your internet browser and reopen it. Pass this information along to your family and friends, and don’t be the victim of yet another growing phishing scam. Good luck!
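The address-bar check described above, written out as an added example (not part of the original article). It goes one step beyond the padlock: a padlock only shows that the connection is encrypted, so the function also requires the host to be accounts.google.com, where Google serves its sign-in page. The function name, the allow-list and the sample addresses are constructed for illustration.

```javascript
// Added example. Assumption: accounts.google.com is the only host accepted for Google sign-in.
const TRUSTED_LOGIN_HOSTS = new Set(["accounts.google.com"]);

// Decide whether text copied from the address bar is a sign-in page worth trusting.
function checkLoginUrl(addressBarText) {
  let url;
  try {
    url = new URL(addressBarText.trim());
  } catch {
    return { ok: false, reason: "not a parseable URL" };
  }
  // No https means no padlock and no "Secure" label: stop here.
  if (url.protocol !== "https:") {
    return { ok: false, reason: `scheme is ${url.protocol} not https:` };
  }
  // Text before an "@" is userinfo, not the site; the real host comes after it.
  if (url.username || url.password) {
    return { ok: false, reason: "userinfo placed before the real host" };
  }
  // Exact match only: a trusted name used as a prefix of a longer host does not count.
  if (!TRUSTED_LOGIN_HOSTS.has(url.hostname)) {
    return { ok: false, reason: `unexpected host ${url.hostname}` };
  }
  return { ok: true, reason: "https and expected host" };
}

// Constructed sample addresses (not taken from any real campaign).
const SAMPLES = [
  "https://accounts.google.com/ServiceLogin",
  "http://accounts.google.com/ServiceLogin",
  "data:text/html,https://accounts.google.com/ServiceLogin",
  "https://accounts.google.com.login.example/ServiceLogin",
  "https://accounts.google.com@login.example/ServiceLogin",
];

// Return one verdict per sample so callers can inspect or log them.
function runSamples() {
  return SAMPLES.map((input) => ({ input, ...checkLoginUrl(input) }));
}

for (const r of runSamples()) {
  console.log(`${r.ok ? "OK    " : "REJECT"} ${r.input}  (${r.reason})`);
}
```

Only the first sample passes; the others fail on the scheme, the host, or the userinfo check even though each contains the text "accounts.google.com".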