Security company Wordfence reports on a phishing campaign that has been targeting Gmail users for some time. It uses images that look like attachments to send the victim to a fake Google login page.
On that page, which looks just like a real Google page, victims are asked to enter their login details, Wordfence writes. Once they have done so, those behind the campaign gain access to the account almost immediately, which suggests that the process is either automated or that a team is standing by. Besides the speed of the logins, the URL of the login page is notable: it contains the text accounts.google.com, which at a glance can make it look like the right page.
In reality, the page uses a data URI, so the page content is carried in the browser's address bar itself rather than fetched from a server. It is opened as soon as the victim clicks the 'attachment' in the email message, according to a person who received such an email. The page shows neither the green lock that signals a secure connection nor a lock with a red cross; only black text appears in the address bar. The company says a possible solution is to give this text a different colour to attract the user's attention, for example yellow or orange.
[Image caption: The text in the address bar on the login page. There is a lot of white space between the text on the left and the text on the right, so that the text on the right is pushed out of view.]
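As an added, defender-side illustration (not code from Wordfence or from the original report): a small Python check that flags an address-bar string of the shape described above, a data: URI whose HTML payload starts with text imitating a trusted hostname and then contains a long run of whitespace that pushes the real content out of view. The hostname list, the padding threshold and the two sample strings are constructed assumptions.

```python
import base64
import re
from urllib.parse import unquote

# Constructed list of hostnames a phishing page would want to imitate (assumption).
TRUSTED_HOSTS = ("accounts.google.com", "mail.google.com")

# Shape of a data URI: data:[<mime>][;param=value]*[;base64],<payload>
DATA_URI_RE = re.compile(
    r"^\s*data:(?P<mime>[^;,]*)(?P<params>(?:;[^;,]*)*),(?P<payload>.*)$",
    re.IGNORECASE | re.DOTALL,
)
# Runs of spaces, tabs or non-breaking spaces used to hide the rest of the payload.
PADDING_RE = re.compile(r"[ \t\u00a0]+")


def decode_payload(params: str, payload: str) -> str:
    """Return the data URI payload as text, decoding base64 when the URI says so."""
    if "base64" in params.lower():
        try:
            return base64.b64decode(payload).decode("utf-8", "replace")
        except ValueError:  # binascii.Error is a ValueError subclass
            return payload
    return unquote(payload)


def inspect_address_bar(address: str, min_padding: int = 20, head_len: int = 512) -> dict:
    """Classify what the address bar is showing and flag the pattern from the report."""
    report = {
        "scheme": address.split(":", 1)[0].lower() if ":" in address else "",
        "data_uri": False,
        "mime": "",
        "lookalike_hosts": [],
        "padding_run": 0,
        "suspicious": False,
    }
    m = DATA_URI_RE.match(address)
    if not m:
        return report  # an ordinary http(s) URL: nothing to inspect here
    report["data_uri"] = True
    report["mime"] = (m.group("mime") or "text/plain").lower()
    text = decode_payload(m.group("params"), m.group("payload"))
    # The deceptive text is what the user sees first, so only the head is checked for it.
    head = text[:head_len].lower()
    report["lookalike_hosts"] = [h for h in TRUSTED_HOSTS if h in head]
    # Longest run of whitespace anywhere in the payload.
    report["padding_run"] = max((len(r) for r in PADDING_RE.findall(text)), default=0)
    report["suspicious"] = report["mime"] == "text/html" and (
        bool(report["lookalike_hosts"]) or report["padding_run"] >= min_padding
    )
    return report


# Constructed samples; the paragraph element is a harmless placeholder, not a real payload.
SAMPLE_PHISH = (
    "data:text/html,https://accounts.google.com/ServiceLogin?service=mail"
    + " " * 200
    + "<p>constructed placeholder content</p>"
)
SAMPLE_GENUINE = "https://accounts.google.com/ServiceLogin?service=mail"

if __name__ == "__main__":
    for sample in (SAMPLE_PHISH, SAMPLE_GENUINE):
        print(inspect_address_bar(sample))
```

The check deliberately treats any text/html data URI that either imitates a trusted host or carries a long whitespace run as suspicious; a genuine login page never needs either, which is also why an address bar that highlights data: URIs in a distinct colour, as the article suggests, gives the user the same signal.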
The people behind the phishing campaign use victims' contacts to send emails to other people, reusing the subjects of previously sent emails to make the messages look genuine. One way to combat this form of phishing is to use two-factor authentication, Wordfence said: that way, malicious parties cannot log into the account even if they have the login details. Attackers could also target email services other than Gmail with this technique.