How the Phishing attack works
The newest phishing scam is so “efficient” that many experienced technical users have reported falling for it. The scam tricks Gmail users into revealing their login credentials. The phishing attack starts with an email that contains what appears to be an attached PDF document but is, in reality, an embedded image; when clicked, it opens an official-looking Gmail login page. From the Google logo to the username field, everything about the page looks like the real thing. Once a person enters their username and password, the attackers use the information to gain access to their inbox and immediately create believable emails, using past subject lines and attachments, to send to the person's contacts.
How to spot the attack
On most browsers, secure websites start with “https://” and display a green lock icon to the left of the address bar.
During this attack, a user will not see these secure-site clues, just text that includes “https://accounts.google.com” in the address bar. If you glance quickly, you may miss the prefix ‘data:text/html’ and assume the URL is safe. In fact, the text in the address bar is not a URL at all but a “data URI”: a script carried inside the address itself, which opens a new tab to a fully functional fake Gmail login page that will send your credentials to the attacker if you enter them.
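The checks described above (real "https://" scheme, the genuine login host, and no "data:" prefix in front of it) can be written down as a small classifier. This is an added example, not code from the original post; it assumes that https://accounts.google.com is the only legitimate login origin, and the address-bar strings it is run on are constructed samples.

```javascript
// Added example: classify an address-bar string the way a careful user should.
// Assumption: the only legitimate Gmail login origin is https://accounts.google.com.
const LEGIT_LOGIN_HOST = "accounts.google.com";

function classifyAddress(text) {
  let url;
  try {
    // WHATWG URL parsing; leading/trailing whitespace is ignored just as a browser would.
    url = new URL(text.trim());
  } catch (e) {
    return { verdict: "invalid", reason: "not a parseable URL" };
  }

  if (url.protocol === "data:") {
    // For a data: URI there is no host: everything after "data:" is page content,
    // so a login hostname appearing there is being mimicked, not connected to.
    const mimeType = url.pathname.split(",")[0].split(";")[0];
    const mimicsLogin = url.pathname.includes(LEGIT_LOGIN_HOST);
    return {
      verdict: "phishing-suspect",
      reason: `data URI (${mimeType || "no type"})` +
        (mimicsLogin ? ` containing the text "${LEGIT_LOGIN_HOST}"` : ""),
    };
  }

  if (url.protocol !== "https:") {
    return { verdict: "insecure", reason: `scheme is ${url.protocol}, not https:` };
  }
  if (url.hostname !== LEGIT_LOGIN_HOST) {
    // Catches look-alike hosts such as accounts.google.com.<attacker-domain>.
    return { verdict: "wrong-host", reason: `host is ${url.hostname}` };
  }
  return { verdict: "ok", reason: "https with the expected login host" };
}

// Constructed samples, not captured from a real incident.
const SAMPLES = [
  "https://accounts.google.com/signin/v2/identifier?service=mail",
  "data:text/html,https://accounts.google.com/ServiceLogin?service=mail",
  "http://accounts.google.com/signin",
  "https://accounts.google.com.example.net/signin",
];

for (const s of SAMPLES) {
  const r = classifyAddress(s);
  console.log(`${r.verdict.padEnd(17)} ${r.reason}`);
}
```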
How does it impact the FIT community and what can you do to protect yourself
At this time we have not had any reports of this scam being used to target FIT accounts; however, you should remain aware of the latest cyber security threats to protect your FIT account and personal accounts. Do not enter your login credentials into any site with a questionable URL. Since scammers have created phishing sites with HTTPS that can display a green lock, it is also important to make sure these clues appear together with a proper URL, with no additional text before it. Also, take note of how you came to the login page: did you click on an attachment in an email? Additionally, setting up 2-step verification adds another level of security.
Scam as initially reported by Mark Maunder from Wordfence.com