A New Gmail Phishing Attack Is Faking The Login Screen


A new Gmail phishing attack is faking the login screen, and it is polished and convincing enough to trick even some knowledgeable, tech-inclined users into giving up their details, despite being rather simple in execution. The attack presents a fake Google login when the user clicks on an attachment, which can arrive from a familiar contact whose account has been compromised through this hack, and shows almost all of the hallmarks of the real sign-in page for Google services. The attack can be prevented by looking at the URL bar at the top of the browser.

A user has to take a close look at the URL bar to see that something is amiss. Google's usual lock icon is missing in Chrome, and in all browsers users will notice that the URL does not begin with HTTP or HTTPS and has a strange chunk of code to the far right that actually calls a program to deliver the victim's credentials to the attacker. Once the attacker has a victim's login, they log into the account quite quickly, find an attachment that will work, then send out messages containing the attack to a large number of the victim's contacts, along with a fairly innocuous subject line that pertains to the attachment. From there, they can get into almost any service that the user has linked to their Gmail for password recovery, from online games to social networks and even work-related services.

According to a statement from Google, a phishing attack of this nature cannot be stopped on their end. This is simply because they cannot develop an algorithm capable of analyzing every single email message that goes in and out of their service deeply enough to find such attacks. In order for the screening process to single out messages with a higher likelihood of containing attacks, they would have to devote more compute power than they're willing to devote to the issue. The only remedy they offer is the one that's already built into Chrome and other browsers: the URL bar. In Chrome, the lack of a lock and other indications of a secure page would give away a threat. In other browsers, as with Chrome, it is vital to pay close attention to the URL of any page where you input important credentials. If you suspect you have been hit with the hack, you can go to the bottom right of your Gmail window and click on Details to see if there have been any strange logins. If there is any doubt, it may be best to simply change your password.
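
The address-bar check described above can be written down as code. This is an added example, not code from Google or from the original article; the trusted host accounts.google.com, the data: sample and all the sample URLs are constructed assumptions.

```javascript
// Added example. Assumption: real Google sign-in pages live on accounts.google.com.
const TRUSTED_SIGNIN_HOSTS = new Set(["accounts.google.com"]);

// Constructed sample inputs (not taken from any real message).
const SAMPLES = {
  genuine: "https://accounts.google.com/ServiceLogin",
  lookalike: "https://accounts.google.com.login.example/ServiceLogin",
  userinfo: "https://accounts.google.com@login.example/ServiceLogin",
  // Non-HTTP(S) scheme with content pushed far to the right by padding.
  padded: "data:text/html,https://accounts.google.com/ServiceLogin" +
    " ".repeat(80) + "<script>/* constructed placeholder */</script>",
};

function checkSignInUrl(addressBarText) {
  const raw = String(addressBarText);
  const findings = [];

  // A long whitespace run hides whatever follows it off the visible bar.
  if (/\s{20,}\S/.test(raw)) findings.push("content hidden after whitespace padding");
  if (/<script\b/i.test(raw)) findings.push("script markup inside the URL");

  let url;
  try {
    url = new URL(raw.trim());
  } catch {
    findings.push("not a parseable URL");
    return { trusted: false, findings };
  }

  if (url.protocol !== "https:") findings.push(`scheme is ${url.protocol}, not https:`);
  // "https://trusted@other" puts the trusted-looking name in userinfo, not the host.
  if (url.username || url.password) findings.push("userinfo before the host");
  // Exact match only: a suffix or substring match would accept lookalike hosts.
  if (!TRUSTED_SIGNIN_HOSTS.has(url.hostname)) {
    findings.push(`host "${url.hostname}" is not a trusted sign-in host`);
  }
  return { trusted: findings.length === 0, findings };
}

for (const [name, value] of Object.entries(SAMPLES)) {
  const result = checkSignInUrl(value);
  console.log(name, result.trusted ? "trusted" : result.findings.join("; "));
}
```

Only the first sample passes; the other three contain the real host name somewhere in the text yet fail on the scheme, the host, or both.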


Copyright ©2017 Android Headlines. All Rights Reserved.

Senior Staff Writer

Daniel has been writing for Android Headlines since 2015, and is one of the site's Senior Staff Writers. He's been living the Android life since 2010, and has been interested in technology of all sorts since childhood. His personal, educational and professional backgrounds in computer science, gaming, literature, and music leave him uniquely equipped to handle a wide range of news topics for the site. These include the likes of machine learning, voice assistants, and AI technology development news in the Android world.