New
#1
New, very good, Gmail phising atack in the wild
Another phishing attack is in the wild. This time, technique and used false login pages are very good, so be careful.
Phishing mail is coming from known contact and always with attachment. Clicking on that attachment will get you to false Gmail login page. There will be text added before accounts.google.... link in address bar.
Password manager would reveal phishing attempt, as it would recognize page as false and also two step authentication could save you, but not if you're not careful.
Read more on Helpnetsecurity (and other tech news links)“You click on the image, expecting Gmail to give you a preview of the attachment. Instead, a new tab opens up and you are prompted by Gmail to sign in again,” WordFence CEO Mark Maunder warns.
The phishing page is a good copy of Gmail’s login page, and its URL contains the accounts.google.com subdomain, which is enough to fool many into believing that they are on a legitimate Google page.
“This phishing technique uses something called a ‘data URI’ to include a complete file in the browser location bar. When you glance up at the browser location bar and see ‘data:text/html…..’ that is actually a very long string of text,” Maunder explained.