Sunday, March 26, 2017

Got Gmail? Watch out for this clever scam

News of this effective email phishing scam that targets people with Google email accounts (Gmail) was first published by Fortune two months ago and was picked up by Bruce Schneier, who linked to it on his infamous Schneier on Security blog on March 17, 2017. It works like this.

The Gmail recipient receives an email with an object that appears to be a PDF file attachment to the message. This "attachment" is actually an image file embedded in the message contents. It was made from a screen shot of a PDF file attachment and looks like this:

Fake PDF "attachment" image


If you click the image, you are redirected via hyperlink to a web page in your browser that displays an incredibly authentic looking Google login page, like so:



A quick look at the URL in the address bar might stymie event the savviest of users because it contains what appears to be a legitimate path to https://accounts.google.com. 



A closer look reveals that the URL is prepended with data:text/html. This is not a URL at all; it is called a data URI. A URL points to a location on the world wide web. A URI embeds a file. Files can execute scripts.

By typing information into this fake login box, you reveal your Google credentials to the scammer, who records that information. The bad guy now has control over your Gmail and any other Google services that you subscribe to. Needless to say, this is pretty scary.

The lesson here is Stop. Think. Do not click. If any email is unexpected or seems unusual in any way, don't click links or open attachments. Ever. And don't second-guess yourself. Studies have shown that most people experience a momentary skepticism just prior to clicking a malicious link. Go with your gut.

Another thing I've learned is to slow down when reading email. Reading email when you are rushed or feeling a bit overwhelmed can lead to making this kind of mistake.

See the Fortune article at http://fortune.com/2017/01/18/google-gmail-scam-phishing/.

No comments:

Post a Comment