New, very good, Gmail phishing attack in the wild


  1. Posts : 30,589
    Windows 10 (Pro and Insider Pro)
       #1

    New, very good, Gmail phishing attack in the wild


    Another phishing attack is in the wild. This time, the technique and the false login pages used are very good, so be careful.

    The phishing mail comes from a known contact and always with an attachment. Clicking on that attachment will get you to a false Gmail login page. There will be text added before the accounts.google.... link in the address bar.

    A password manager would reveal the phishing attempt, as it would recognize the page as false, and two-step authentication could also save you, but not if you're not careful.

    “You click on the image, expecting Gmail to give you a preview of the attachment. Instead, a new tab opens up and you are prompted by Gmail to sign in again,” WordFence CEO Mark Maunder warns.
    The phishing page is a good copy of Gmail’s login page, and its URL contains the accounts.google.com subdomain, which is enough to fool many into believing that they are on a legitimate Google page.

    “This phishing technique uses something called a ‘data URI’ to include a complete file in the browser location bar. When you glance up at the browser location bar and see ‘data:text/html…..’ that is actually a very long string of text,” Maunder explained.
    Read more on Helpnetsecurity (and other tech news links)
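The address-bar check described in the first post, written as a small function (an added example, not part of the original thread or the quoted article). It decides on scheme and host rather than on whether the text contains accounts.google.com; the function name, the expected-host list and the sample strings are assumptions constructed for illustration.

```javascript
'use strict';

// Assumption for this example: the only host where a Google password is expected.
const EXPECTED_HOSTS = new Set(['accounts.google.com']);

// Decide from scheme and host, never from how the address-bar text looks.
function checkLoginUrl(addressBarText) {
  const text = addressBarText.trim();
  let url;
  try {
    url = new URL(text);
  } catch (err) {
    return { verdict: 'reject', scheme: null, reason: 'not an absolute URL' };
  }
  const scheme = url.protocol;
  if (scheme !== 'https:') {
    // A data: URL has no host at all: everything after the scheme is the
    // page content itself, so a host name seen there is only text.
    const nameOnlyAsText =
      url.hostname === '' && text.toLowerCase().includes('accounts.google.com');
    return {
      verdict: 'reject',
      scheme,
      reason: nameOnlyAsText
        ? 'trusted host name appears only as text inside a non-https URL'
        : 'non-https scheme',
    };
  }
  if (!EXPECTED_HOSTS.has(url.hostname)) {
    return { verdict: 'reject', scheme, reason: `unexpected host ${url.hostname}` };
  }
  return { verdict: 'ok', scheme, reason: 'https and expected host' };
}

// Constructed samples; the data: body is a harmless placeholder.
const SAMPLES = {
  genuine: 'https://accounts.google.com/ServiceLogin?service=mail',
  dataUri: 'data:text/html,https://accounts.google.com/ServiceLogin?service=mail' +
    ' '.repeat(200) + '<p>placeholder body</p>',
  lookalikeHost: 'https://accounts.google.com.login.example/ServiceLogin',
};

for (const [name, value] of Object.entries(SAMPLES)) {
  const result = checkLoginUrl(value);
  console.log(`${name}: ${result.verdict} (${result.reason})`);
}
```

The long run of spaces in the `dataUri` sample is why only the familiar-looking part is visible in a narrow location bar.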


  2. Posts : 5,452
    Windows 11 Home
       #2

    All the articles on the internet write about it, but with the most important piece of information missing.
    Not a single screenshot, what to look for, just guesses. That is sooo helpful to prevent it.


  3. Posts : 30,589
    Windows 10 (Pro and Insider Pro)
    Thread Starter
       #3

    TairikuOkami said:
    All the articles on the internet write about it, but with the most important piece of information missing.
    Not a single screenshot, what to look for, just guesses. That is sooo helpful to prevent it.
    Mail will always look different (and legitimate). That's what makes it so dangerous (IMHO)

    The only picture that is really important is the login screen with that text in the address bar...


  4. Posts : 1,656
    Windows 10 Pro x64
       #4

    This is why two-factor authentication is so important for Gmail, and indeed all other, mail providers.


  5. Posts : 5,452
    Windows 11 Home
       #5

    AndreTen said:
    The only picture that is really important is the login screen with that text in the address bar...
    That is what I am talking about. They say it shows as encrypted within the green bar; well, I will just have to imagine it.

    Golden said:
    This is why two-factor authentication is so important for Gmail, and indeed all other, mail providers.
    As long as it is not mandatory, I will never use two-factor authentication; I do not want to lose access to my emails.


  6. Posts : 30,589
    Windows 10 (Pro and Insider Pro)
    Thread Starter
       #6

    TairikuOkami said:
    That is what I am talking about. They say it shows as encrypted within the green bar; well, I will just have to imagine it.


    As long as it is not mandatory, I will never use two-factor authentication; I do not want to lose access to my emails.
    The picture is in the first post.


    I'm using two-factor auth. Not very happy about it, but the risk is too high lately.


  7. Posts : 1,223
    Windows 10
       #7

    I am not the kind that can spot what is fake and what is legit. I should pay more attention. I've never been a victim before.

    Should I also do the 2-step verification?


  8. Posts : 30,589
    Windows 10 (Pro and Insider Pro)
    Thread Starter
       #8

    Pathfinder said:
    I am not the kind that can spot what is fake and what is legit. I should pay more attention. I've never been a victim before.

    Should I also do the 2-step verification?
    When typing passwords, the green lock sign should be at the beginning of the address bar. Most users don't pay attention.
    [Image: image.png]

    Password managers like LastPass or KeePass are good solutions for situations like this. 2-step verification is also a good solution, but it is not 100% - a slightly more advanced attack can intercept the code from the 2nd step.


  9. Posts : 10,740
    Windows 11 Workstation x64
       #9

    Pathfinder said:
    I am not the kind that can spot what is fake and what is legit. I should pay more attention. I've never been a victim before.

    Should I also do the 2-step verification?
    Everybody should use two-factor authentication if it's available, and care about your security.


  10. Posts : 17,661
    Windows 10 Pro
       #10

    TairikuOkami said:
    As long as it is not mandatory, I will never use two-factor authentication; I do not want to lose access to my emails.
    I won't say your comment is utterly stupid, as I said in my reply to you last time, only a couple of weeks ago, when I saw you post this same comment in another thread. The reason I won't say it now is that your post and my reply then got binned by mods. Trying now to find other words to say the same, staying within forum rules:

    I hope our members possibly seeing your comment understand how utterly nonsensical it is. Two-step authentication, when set up correctly, never means you lose access to your emails and / or account.

    Two-Step Authentication by Google:

    You can set up an authenticator app on a smart phone and print / write to a note 10 single use security codes, in addition to adding as many mobile and fixed net phone numbers as you wish as two-step authentication devices:

    [Image: image.png]

    Windows Phone users, you can't use Google's own authenticator app but there's a really good alternative in Windows Store called AuthenticatorG. I use it for Google and YouTube authentication, it works flawlessly.

    Two-Step Authentication by Microsoft:

    In addition to the authenticator app, add as many email addresses, mobile and fixed net phone numbers as you want:

    [Image: image.png]

    Both Google and Microsoft and as far as I know most other services allow you to select a device as trusted one, meaning the code will not be asked on that device until you "un-trust" it, in which case the code would be asked again next time and you could again choose to trust the device or not.

    Using myself as an example, as I have the authenticator apps for both Google and Microsoft on my smartphone, me losing access to Google would mean that I've lost access to my trusted devices (an Android tablet and a laptop), home phone, mobile phone and at the same time lost the note I keep in my wallet with those 10 single use security codes. I would call this scenario impossible.

    The same with the Microsoft account. Microsoft even allows an additional email address to be set up as a means to receive security codes. Again an impossible scenario, me losing access to phones, authenticator app, trusted laptops and all additional security emails at the same time.

    I hope my choice of words this time helps to keep your bad advice and my reply here, that they would not be binned because I think it is important that our members and visitors alike get correct information.

    One personal recommendation to you, polite and in all friendliness: It is never a good idea to post anything that could be taken as advice on subjects you know nothing about.

    Kari

