For most of us, email is a way of life. From work to personal communications to smartphone application downloads, our email is our virtual online address, the place where most of our important documents and updates are sent. Email is therefore an indispensable online asset; modern life is just not the same without it. Unfortunately, it is also the one thing most of us tend to neglect, especially when it comes to security.
In the past weeks, a phishing scam targeting Gmail has circulated and spread across the web, escaping the scrutiny of both experts and new users of the email platform.
Wordfence (security team behind WordPress) revealed how the phishing scam worked: a compromised account is used to send unsolicited emails containing malicious content that leads to a page pretending to be an authentic Gmail log-in page.
Once the victim is fooled into logging in at the fake Gmail login page, the attacker gains access to the victim’s account. The cycle then continues as the attacker uses the compromised account to send malicious emails to everyone in that account’s contact list.
That is why this phishing method “gained popularity” among hackers in the past year: it effectively tricks people into thinking they are opening content from a trusted contact. The hackers behind this method make it even more deceptive by emulating the way the victim sends his or her emails, from the subject line down to the email body.
How to detect this?
The phishing technique is deceiving even experienced, technical users – the kind who are already aware of attacks designed to extract valuable information online.
What makes this recently uncovered technique so much more dangerous is that the location bar shows the text string “accounts.google.com” – a legitimate Google page. However, in this phishing attack, there is a text string (“data:text/html”) preceding “accounts.google.com”.
There’s also another large chunk of text appearing on the far side of the location bar, which is the file that ultimately sends one’s credentials to the attacker.
These hard-to-spot text strings differentiate the phishing log-in page from the legitimate sign-in page. Most will see “accounts.google.com”, believe it’s the real thing and continue with the log-in.
Wordfence provided advice on how to avoid being victimized by this phishing attack:
“Make sure there is nothing before the hostname ‘accounts.google.com’ other than ‘https://’ and the lock symbol. You should also be keen about the green color and lock symbol that appears on the left. If you can’t verify the protocol and verify the host-name, stop and consider what you just clicked on to get to that sign-in page.”
The use of 2-step authentication is highly advised, as it adds a secondary verification mechanism for users. Regularly changing passwords is also recommended.
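The advice above can be turned into a mechanical check on the text shown in the location bar. The following is an added example, not code from the original post or from Wordfence: it contrasts the naive “does it mention accounts.google.com somewhere?” test that the attack defeats with a check that parses the string as a URL and requires “https://” followed directly by the expected hostname. The expected host and all sample strings are constructed for illustration; the check also rejects hosts that merely contain the expected name, which goes slightly beyond the case described in the post.

```javascript
// Added example (not from the original post or from Wordfence). The expected
// host and the sample location-bar strings below are constructed for illustration.
const EXPECTED_HOST = 'accounts.google.com';

// What a hurried user does by eye: look for the familiar hostname anywhere.
function naiveLooksLegit(locationText) {
  return locationText.includes(EXPECTED_HOST);
}

// Parse the address bar text as a URL and require https:// plus an exact host
// match, so anything in front of the hostname (e.g. "data:text/html,") fails.
function classifyLocation(locationText, expectedHost = EXPECTED_HOST) {
  const text = locationText.trim(); // padding spaces push the real content off-screen
  let url;
  try {
    url = new URL(text);
  } catch (e) {
    return { legit: false, reason: 'not a parseable URL' };
  }
  if (url.protocol === 'data:') {
    return { legit: false, reason: 'data: URI; the page content is embedded in the address itself' };
  }
  if (url.protocol !== 'https:') {
    return { legit: false, reason: `scheme is ${url.protocol}, expected https:` };
  }
  if (url.hostname !== expectedHost) {
    return { legit: false, reason: `host is "${url.hostname}", expected "${expectedHost}"` };
  }
  return { legit: true, reason: 'https:// followed directly by the expected hostname' };
}

// Constructed samples; the payload portion of the data: URI is omitted on purpose.
const SAMPLES = {
  real: 'https://accounts.google.com/ServiceLogin?service=mail',
  dataUri: 'data:text/html,https://accounts.google.com/ServiceLogin?service=mail' +
           ' '.repeat(40) + '<PAYLOAD-OMITTED>',
  lookalike: 'https://accounts.google.com.example.test/ServiceLogin',
};

function runSamples() {
  const out = {};
  for (const [name, text] of Object.entries(SAMPLES)) {
    out[name] = { naive: naiveLooksLegit(text), parsed: classifyLocation(text) };
  }
  return out;
}

for (const [name, r] of Object.entries(runSamples())) {
  console.log(name, 'naive:', r.naive, 'parsed:', r.parsed.legit, '-', r.parsed.reason);
}
```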
Wordfence also received word from Google regarding the attack. The tech giant acknowledged it and said that they’re strengthening their defenses against it.
“We help protect users from phishing attacks in a variety of ways, including: machine learning based detection of phishing messages, Safe Browsing warnings that notify users of dangerous links in emails and browsers, preventing suspicious account sign-ins, and more,” said a Google representative.
Wordfence suggested that Google incorporate a design that lets users easily identify the malicious, hidden text strings seen in these attacks, similar to the way the Google Chrome browser labels insecure “https” pages in red and secure, trusted ones in green.
To learn more about how to make your website secure and safe for your users, you can check iManila’s hosting page and see how our secure hosting packages and safety features, such as SSL certification, can help you secure your business online.