Do you generally feel like an Internet pro? So much so that you rarely fear being hacked?
Recently, cyber security expert, Mark Maunder, CEO of WordPress security plugin Wordfence,alerted the publictoa new phishing scam that has even Gmail’ssavviest users fooled…
How are hackers fooling these tech-savvy Gmail users?
By imitatingpeople the usersalready know.
As Maunder wrote, “The way the attackworks is that an attacker will send an email to your Gmail account. That email may come from someone you know who has had their account hacked using this technique.”
Even scarier, the email also includes recognizable attachments.
But how do hackers get all this information?
Most Gmail users are used to clicking on attachments, which enlarges them in a preview window.
These cyber attackers, though, have triggereda new login form to pop up between yourclick and the preview window opening, prompting usersto sign into Google a second time to view the preview.
This new login is afake, designed to steal your login credentials.
The fakeprompt typically lives at the shady URL below.
Once you sign into this fake form, hackers have compromised your account and have likely initiated a new attack on your contacts.
As one hacker commented on Hacker News, “The attackers log in to your account immediately once they get the credentials, and they use one of your actual attachments, along with one of your actual subject lines, and send it to people in your contact list.”
“For example, they went into one students account, pulled an attachment with an athletic team practice schedule, generated the screenshot, and then paired that with a subject line that was tangentially related, and emailed it to the other members of the athletic team.
How can you possibly protect yourself from this hack?
NEVER login to a Gmail page that has anything other than “http://” and the lock symbol listed in the address bar prior to “accounts.google.com” per above.
You can also widen out the address bar to ensure no lingering file information remainsfurther out than your window is presently showing.
To seeif your account has already been targeted by this hack, you can check in on your account login activity here.
Google’s response to hacks in general remains unchanged:
Remember, if you are hacked, change your password ASAP.
Staysafe out there, Internet friends.
Read more: http://twentytwowords.com/even-tech-experts-are-getting-fooled-by-this-latest-gmail-scam/
Even Tech Experts Are Getting FOOLED By This Latest Gmail Scam