Bitdefender has detected a new type of attack that is better built and therefore harder to catch than your traditional phishing scheme.
Much to the displeasure of Google fans, Chrome users are the most vulnerable due to how the browser displays data. This doesn’t mean, however, that Firefox users are safe in any way.
“With access to users’ Google accounts, hackers can buy apps on Google Play, hijack Google+ accounts and access confidential Google Drive documents. The scam starts with an email allegedly sent by Google, with ‘Mail Notice’ or ‘New Lockout Notice’ as a subject,” reads Bitdefender’s announcement.
The email tells users that their email accounts will be locked out in 24 hours because the email storage quota could not be increased. The message contains a link that urges users to click on “INSTANT INCREASE” to avoid having their accounts locked.
When clicking the link, users are redirected to a Google login web page that, as in all similar attacks, imitates the authentic one and asks for user credentials. Once they are provided, the account is compromised.
“What is interesting about this phishing attack is that users end up having the ‘data:’ in their browser’s address bar, which indicates the use of a data URI scheme,” Bitdefender adds.
Gmail phishing attack
Bitdefender explains that this allows scammers to include data in-line in web pages, making them appear to be external resources. This makes Google Chrome users that much more susceptible to the attacks since the browser doesn’t show the whole string, which makes it difficult for people to figure out if the site is safe or not.
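A defensive check for the technique described above, as an added example that is not Bitdefender's or this article's code: it decodes every `data:` URI found in an HTML body (an email or a fetched landing page) and flags those carrying an HTML page with a password field. The function names and the sample message are constructed for illustration.

```python
import base64
import re
from html.parser import HTMLParser
from urllib.parse import unquote_to_bytes

# RFC 2397 shape: data:[<mediatype>][;base64],<data>
DATA_URI = re.compile(r"^\s*data:([^,]*),(.*)$", re.IGNORECASE | re.DOTALL)
PASSWORD_INPUT = re.compile(rb"<input[^>]*type\s*=\s*[\"']?password", re.IGNORECASE)


def parse_data_uri(uri):
    """Return (media_type, decoded_bytes), or None if uri is not a data: URI."""
    match = DATA_URI.match(uri)
    if not match:
        return None
    params = [p.strip().lower() for p in match.group(1).split(";")]
    body = unquote_to_bytes(match.group(2))
    if "base64" in params[1:]:
        body = re.sub(rb"\s+", b"", body)
        body = base64.b64decode(body + b"=" * (-len(body) % 4))
    return params[0] or "text/plain", body


class UrlCollector(HTMLParser):
    """Collect the values of URL-bearing attributes (href, src, action)."""
    def __init__(self):
        super().__init__()
        self.urls = []

    def handle_starttag(self, tag, attrs):
        self.urls += [v for k, v in attrs if k in ("href", "src", "action") and v]


def find_inline_login_pages(html):
    """List data: URIs in html whose decoded content is HTML with a password field."""
    collector = UrlCollector()
    collector.feed(html)
    findings = []
    for url in collector.urls:
        parsed = parse_data_uri(url)
        if parsed and parsed[0] == "text/html" and PASSWORD_INPUT.search(parsed[1]):
            findings.append({"media_type": parsed[0], "decoded_bytes": len(parsed[1])})
    return findings


# Constructed sample: a harmless stand-in page and message body, not taken from the campaign.
FAKE_PAGE = b'<form><input name="u"><input type="password" name="p"></form>'
SAMPLE = ('<a href="https://mail.example/help">Help</a><a href="data:text/html;base64,%s">'
          'INSTANT INCREASE</a>' % base64.b64encode(FAKE_PAGE).decode())
```

Calling `find_inline_login_pages(SAMPLE)` reports the one link whose target is an inline HTML page with a password field; the ordinary `https:` link is ignored.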
In such cases, always check the sender’s email address by hovering the mouse cursor over the sender name and verifying whether the two match. If you open the message and choose “show details” below the sender’s name, you’ll be able to tell whether the message really comes from Google.
On top of it all, Gmail doesn’t send unsolicited mass messages, and when it does send out a message, it’s usually easy to spot, with no confusing content, bad grammar or shady requests.