New Phishing Scam Mimics Gmail Login Page

How the Phishing attack works

The newest phishing scam is so “efficient” that many experienced technical users have reported falling for it. The scam tricks Gmail users into revealing their login credentials. The phishing attack starts with an email that contains what appears to be an attached PDF document but is, in reality, an embedded image; clicking it opens an official-looking Gmail login page. From the Google logo to the username field, everything about the page looks like the real thing. Once a person enters their username and password, the attackers use the information to gain access to their inbox and immediately craft believable emails, reusing past subject lines and attachments, to send to the person's contacts.

Gmail Phishing Example
Example posted by user @tomscott to Twitter

How to spot the attack

On most browsers, secure websites start with “https://” and display a green lock icon to the left of the address bar.

Gmail Secure URL

During this attack, a user will not see these secure-site clues, just text in the address bar that includes “https://accounts.google.com”. If you glance quickly, you may miss the prefix “data:text/html” and assume the URL is safe. In fact, the text in the address bar is not a URL at all but a “data URI”: the address bar holds embedded script content that opens a new tab containing a fully functional fake Gmail login page, which will send your credentials to the attacker if you enter them.

Data URI Example
Via Mark Maunder at www.wordfence.com

How does it impact the FIT community and what can you do to protect yourself

At this time we have not had any reports of this scam being used to target FIT accounts; however, you should remain aware of the latest cyber security threats to protect your FIT account and personal accounts. Do not enter your login credentials into any site with a questionable URL. Since scammers have created phishing sites that use HTTPS and can display a green lock, it is also important to make sure these clues appear together with a proper URL, with no additional text in front of it. Also, take note of how you arrived at the login page: did you click on an attachment in an email? Additionally, setting up 2-step verification adds another layer of security.
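The advice above (check the scheme and the host, not just whether familiar text appears somewhere in the address bar) can be made concrete. The following Python is an added example, not code from the original post or from Wordfence; it uses constructed sample address-bar strings, one of which mirrors the “data:text/html” trick described earlier, and shows why a hurried substring check passes it while a scheme-and-host check rejects it. The set `TRUSTED_LOGIN_HOSTS` and the sample strings are assumptions for illustration.

```python
from urllib.parse import urlsplit

# Hostnames at which entering Google credentials is expected. Exact match only:
# a lookalike such as "accounts.google.com.example-login.net" must not pass.
# (Assumption for this example: real deployments would maintain their own list.)
TRUSTED_LOGIN_HOSTS = {"accounts.google.com"}

# Constructed sample address-bar strings (not taken from the original post).
# "data_uri" mirrors the trick the article describes: the genuine-looking
# "https://accounts.google.com" text is present, but the scheme is "data:",
# so the browser renders the embedded HTML instead of contacting Google.
SAMPLE_ADDRESS_BAR_TEXT = {
    "genuine": "https://accounts.google.com/ServiceLogin?service=mail",
    "data_uri": "data:text/html,https://accounts.google.com/ServiceLogin?service=mail"
                "<html><body>constructed placeholder page</body></html>",
    "http_only": "http://accounts.google.com/ServiceLogin",
    "lookalike_host": "https://accounts.google.com.example-login.net/ServiceLogin",
}


def naive_check(address_text: str) -> bool:
    """The check a hurried user effectively performs: 'does the bar contain
    https://accounts.google.com?'. It accepts the data: URI, which is the problem."""
    return "https://accounts.google.com" in address_text


def classify_address(address_text: str) -> str:
    """Classify address-bar text the way the article recommends: the scheme must be
    https and the host must be a trusted login host, with nothing in front of the
    URL. Returns one of 'ok', 'data-uri', 'not-https', 'untrusted-host'."""
    parts = urlsplit(address_text.strip())
    scheme = parts.scheme.lower()
    if scheme == "data":
        # Everything after "data:" is inline content, not a destination; the
        # familiar hostname text is merely part of that content.
        return "data-uri"
    if scheme != "https":
        return "not-https"
    if (parts.hostname or "") not in TRUSTED_LOGIN_HOSTS:
        return "untrusted-host"
    return "ok"


def classify_all() -> dict:
    """Run both checks over the samples to see where they disagree."""
    return {
        name: {"naive": naive_check(text), "strict": classify_address(text)}
        for name, text in SAMPLE_ADDRESS_BAR_TEXT.items()
    }


if __name__ == "__main__":
    for name, result in classify_all().items():
        print(f"{name:15} naive={result['naive']!s:5} strict={result['strict']}")
```

The point of the two functions side by side is that the substring check returns True for the data: URI sample, while `classify_address` reports it as `data-uri` because `urlsplit` sees no hostname at all: a data URI has no destination, only inline content. The same strict check also rejects the plain-http and lookalike-host samples, which matches the article's advice to look for https, the lock, and a proper URL together.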

More information
Scam as initially reported by Mark Maunder from WordFence.com