Over the past weeks, there have been reports of phishing attacks that target Gmail users.
If you’re not familiar with “phishing”, it is an illegal and fraudulent act in which the attacker sends emails or links claiming to be from prestigious companies in order to gain access to the victim’s accounts, sometimes using or exposing the victim’s private account documents.
It may be difficult to detect that an attack is happening, especially when a friend’s Gmail account (itself already hacked) is being used. The message may also include an attachment (most often an image) from the sender.
Once the target clicks the image, a new tab opens and leads to what appears to be Gmail’s sign-in page, instead of a preview of the attached file. The location bar shows accounts.google.com, making it look legitimate.
If the target is not cautious or aware of phishing attacks, he will instantly sign in on the fake page. Once this is done, his account has already been hacked.
“The attackers log in to your account immediately once they get the credentials, and they use one of your actual attachments, along with one of your actual subject lines, and send it to people in your contact list.
For example, they went into one student’s account, pulled an attachment with an athletic team practice schedule, generated the screenshot, and then paired that with a subject line that was tangentially related, and emailed it to the other members of the athletic team,” a phishing attack victim commented on Hacker News.
The attack can happen very quickly. They could have an automated system waiting for victims to fall prey to their attacks or an actual team that is on stand-by, waiting for accounts to be compromised.
Once the attackers access the account, they have full access to everything in the victim’s email. They can also hack other services or sites that are connected to the victim’s hacked email address through the password reset mechanism.
PROTECTING ACCOUNTS AGAINST PHISHING ATTACKS
Checking the browser location bar is one of the easiest ways to avoid phishing attacks. However, if one is not careful, they might still fall for it.
Usually, this phishing technique uses a ‘data URI’, which embeds a complete file in the browser location bar. It begins with ‘data:text/html’ and includes the URL of the site it is impersonating. When clicked, a new tab opens and shows a fake Gmail log-in page.
Instead of ‘https’ appearing at the beginning of the address, it appears after the ‘data:text/html’ prefix. Those who are not aware of the importance of ‘https’ would already have fallen victim to the attack, especially if they assume the page is safe.
Verifying the protocol and hostname is the next step in avoiding phishing attacks. The browser location bar should show a secure lock symbol at the beginning, followed by ‘https://’ and the expected hostname. If these are present, the link is valid; if they are not present or cannot be verified, do not continue.
Another step to avoid these attacks is enabling two-factor authentication. This adds another layer of security to the account, usually requiring access to the user’s phone.
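The three checks above (is the address really a ‘data:’ URI, is the scheme ‘https:’, is the hostname the one you expect) can be written down as a small classifier. The following is an added example, not code from the WordFence article or from Google; it uses the standard WHATWG URL parser available in browsers and Node.js, and every sample address in it is constructed for illustration, with the page body of the fake data: URI replaced by a placeholder.

```javascript
// Added example (not from the original article): classify what a browser's
// location bar shows before credentials are typed into the page it displays.
// Assumption: the legitimate Gmail sign-in host is accounts.google.com, as the
// article states; any other host, scheme or a data: URI is treated as unsafe.

const EXPECTED_LOGIN_HOST = 'accounts.google.com';

function classifyLocationBar(locationText) {
  const text = locationText.trim();
  let url;
  try {
    url = new URL(text); // WHATWG URL parser (global in browsers and Node.js)
  } catch (e) {
    return { verdict: 'unparseable', reason: 'not a valid URL' };
  }

  // The trick the article describes: a data: URI whose body starts with the
  // impersonated site's URL, so "https://accounts.google.com" is visible in
  // the bar even though the page is rendered from the data: URI itself.
  if (url.protocol === 'data:') {
    const body = text.slice('data:'.length);           // raw text after "data:"
    const mediaType = body.split(',', 1)[0].split(';')[0]; // e.g. "text/html"
    const embedsSiteUrl = /https?:\/\//.test(body);
    return {
      verdict: 'phishing-suspect',
      reason: `data: URI (${mediaType || 'no media type'})` +
              (embedsSiteUrl ? ' with a site URL embedded in its body' : ''),
    };
  }

  // Protocol check: the article says to look for https:// at the very start.
  if (url.protocol !== 'https:') {
    return { verdict: 'reject', reason: `scheme is ${url.protocol}, not https:` };
  }

  // Hostname check: exact match, so look-alike domains that merely *contain*
  // the expected name are rejected as well.
  if (url.hostname !== EXPECTED_LOGIN_HOST) {
    return { verdict: 'reject',
             reason: `host is ${url.hostname}, expected ${EXPECTED_LOGIN_HOST}` };
  }
  return { verdict: 'ok', reason: 'https and exact hostname match' };
}

// Constructed sample addresses (not captured from a real attack).
const SAMPLES = {
  // The location bar reads "data:text/html,https://accounts.google.com/..." with
  // the fake page's HTML further along; the HTML is a placeholder here.
  dataUri: 'data:text/html,https://accounts.google.com/ServiceLogin ' +
           '<html>(constructed placeholder, payload omitted)</html>',
  legit: 'https://accounts.google.com/signin/v2/identifier',
  lookalike: 'https://accounts.google.com.example-login.net/signin',
  plainHttp: 'http://accounts.google.com/signin',
};

function classifyAll(samples) {
  const out = {};
  for (const [name, address] of Object.entries(samples)) {
    out[name] = classifyLocationBar(address);
  }
  return out;
}

// Stand-alone run: print the verdict for each constructed sample.
for (const [name, result] of Object.entries(classifyAll(SAMPLES))) {
  console.log(`${name.padEnd(10)} ${result.verdict.padEnd(17)} ${result.reason}`);
}
```

Only the `dataUri` sample is flagged as the data: URI variant; the look-alike host and the plain-http address are rejected by the hostname and scheme checks respectively, and only the exact `https://accounts.google.com` address passes. The classifier looks at the address alone, which is all a user can see in the location bar, so it says nothing about the content of a page that does pass.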
CHECKING IF AN ACCOUNT IS COMPROMISED
There is no definite way to check if an account is hacked. However, if the victim suspects that it is, regular password changes are advised.
For Gmail users, log-in activity can be checked to see if there are other users connected to the account. Visit Google’s Help page for more information about this. Another way is to visit Troy Hunt’s site, where users simply enter their email address and wait for the results. This checks whether the account has been part of a data breach or leak that is not visible to the user.
Source: WordFence