The Latest Gmail Hacking – Even tech-savvy Gmail users are falling prey to the latest pishing technique. Protect yourself from getting Hacked.
How does this new phishing trick work?
According to one of the tech enthusiasts hacker will send you an email, which includes an attachment. Interestingly the email comes from one of your contacts not from unknown email id. So when you see an email from one of your contacts then most probably you will open it to read the mail and since it is having an attachment, when you click on the attachment to preview it, a new tab opens to what looks like a Gmail login page. However it isn’t genuine. If you enter your email and password, hackers will have stolen your credentials and have full access to all of your emails.
Phishing/Hacking Link: When you open the attachment and a new tab pops open, the URL will look something like:
what it is meant to look like on the legitimate Gmail login page: https://accounts.google.com/ServiceLogin?
And the login box, where you enter your email and password, looks like the real one.
How to Protect your account?
- Check the URL to see if it begins with: data:text. as below
- If you widen out the bar, you will see there is a lot of blank space which may not be visible at first. After the blank space is the file that actually opens in a new tab.
- Also check to see if the URL has been verified. Depending on your internet browser, the https:// might be in green, and there may be a padlock symbol before it. You can also enable a two-factor authentication for logging in to your Gmail. So on top of the username and password, there would be an extra layer of security that will require an extra piece of information.
Here is an official statement from Google :
Google’s statement: “We advise people to be careful anytime you receive a message from a site asking for personal information. If you get this type of message, don’t provide the information requested without confirming that the site is legitimate. If possible, open the site in another window instead of clicking the link in your email. You can report suspicious messages directly to us. Google will never send unsolicited messages asking for your password or other personal information.”