
New phishing scam has high success rate against tech-savvy Gmail users

Time to change your passwords, again. Well, if you’re a Gmail user anyway. A new phishing scheme, targeting Gmail users, aims to use your contact list against you by putting together a legitimate-sounding email from the contents of your inbox in an effort to compromise the accounts of your friends, family, and co-workers.

It sounds complicated, but the sophisticated attack is deceptively simple. Let’s start at the top. Just like any other phishing attempt, you’ll receive an email in your inbox, but it will look like it’s from one of your contacts — it will have details that other phishing emails don’t.


Instead of hawking male enhancement pills or fake package delivery notifications, this one will appear to come from a friend or family member. It will include a plausible subject line and may include an attachment from that contact’s email box.

Clicking the attachment, which may be an image, will take you to what appears to be a Gmail login page. You input your information, and your account is immediately compromised. The scammers will then use your email address to try and hook another victim from your contact list, using the same technique.

Why is this phishing scam a bigger deal than the others currently out there? Well, Wordfence points out that it’s been around for about a year, but lately, experienced, tech-savvy users have been falling prey to this attack. Because it’s so custom-tailored, and because it’s a bit more subtle than other phishing attempts, it’s a tough one to spot.

After all, Gmail does a pretty good job of diverting dangerous emails from your inbox, but these come from your contacts, people you likely know or work with, so they’re able to bypass standard spam protections.

Luckily, there are some surefire protections you can use. First, as is always a good idea, change your password, and enable two-step verification. Now would be a good time to start using a password manager like LastPass.

Now on to the actual phishing scam itself. If you click any link or attachment in an email and Gmail prompts you to re-enter your credentials, stop, and double-check your URL or address bar.

The beginning portion of the URL should read “https://accounts.google.com” but if it reads “data:text/html” before the HTTP portion of the URL, do not enter your credentials. Close the site, clear your cache, report the email, and change your password just to make sure.
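The address-bar check described above can be expressed as code. The following is an added example, not part of the original article: it goes slightly beyond the “data:text/html” case by requiring an exact origin match rather than looking for the expected text anywhere in the string. The function name `checkLoginUrl` and the sample URLs (which use reserved `.example` hosts) are constructed for illustration.

```javascript
// Added example: classify an address-bar string the way the article's manual check does.
// EXPECTED_ORIGIN comes from the article; the function name and samples are constructed.
const EXPECTED_ORIGIN = "https://accounts.google.com";

function checkLoginUrl(addressBar) {
  // Browsers ignore leading whitespace, so strip it before inspecting the scheme.
  const raw = addressBar.trim();

  // The scheme is whatever precedes the first ":"; compare case-insensitively.
  const scheme = raw.slice(0, raw.indexOf(":") + 1).toLowerCase();
  if (scheme === "data:") {
    return { safe: false, reason: "data: URI, the page is embedded in the link itself" };
  }

  let url;
  try {
    url = new URL(raw);
  } catch {
    return { safe: false, reason: "not a parseable URL" };
  }

  if (url.protocol !== "https:") {
    return { safe: false, reason: `scheme is ${url.protocol}, not https:` };
  }
  if (url.username || url.password) {
    return { safe: false, reason: `text before "@" is a username; real host is ${url.hostname}` };
  }
  if (url.origin !== EXPECTED_ORIGIN) {
    return { safe: false, reason: `origin is ${url.origin}` };
  }
  return { safe: true, reason: "origin matches" };
}

// Constructed sample inputs; only the first should pass.
const SAMPLES = [
  "https://accounts.google.com/ServiceLogin",
  "data:text/html,https://accounts.google.com/ServiceLogin",
  "https://accounts.google.com.login.example/ServiceLogin",
  "https://accounts.google.com@login.example/ServiceLogin",
  "http://accounts.google.com/ServiceLogin",
];
for (const s of SAMPLES) {
  console.log(checkLoginUrl(s).safe ? "OK  " : "STOP", s, "->", checkLoginUrl(s).reason);
}
```

A substring or prefix test would accept the second, third and fourth samples, because each one contains the expected text; comparing the parsed origin is what rejects them.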

Jaina Grey
Former Digital Trends Contributor
Jaina Grey is a Seattle-based journalist with over a decade of experience covering technology, coffee, gaming, and AI. Her…