  1.    18 Jan 2017 #1
    Join Date : Feb 2016
    Maribor, Slovenia
    Posts : 8,960
    Windows 10 (Pro and Insider Pro)

    New, very good, Gmail phishing attack in the wild


    Another phishing attack is in the wild. This time, the technique and the false login pages used are very good, so be careful.

    The phishing mail comes from a known contact and always has an attachment. Clicking on that attachment will take you to a false Gmail login page. There will be text added before the accounts.google.... link in the address bar.

    A password manager would reveal the phishing attempt, as it would recognize the page as false, and two-step authentication could also save you, but not if you're not careful.

    “You click on the image, expecting Gmail to give you a preview of the attachment. Instead, a new tab opens up and you are prompted by Gmail to sign in again,” WordFence CEO Mark Maunder warns.
    The phishing page is a good copy of Gmail’s login page, and its URL contains the accounts.google.com subdomain, which is enough to fool many into believing that they are on a legitimate Google page.

    “This phishing technique uses something called a ‘data URI’ to include a complete file in the browser location bar. When you glance up at the browser location bar and see ‘data:text/html…..’ that is actually a very long string of text,” Maunder explained.
    Read more on Helpnetsecurity (and other tech news links)
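    Added example (not part of the original thread or the quoted article): a JavaScript version of the exact-origin comparison that lets a password manager reject the page described in the first post, where the address bar holds a `data:text/html` URI with accounts.google.com inside it. It goes slightly beyond that case by also flagging look-alike hosts and plain HTTP; `checkLoginUrl`, `EXPECTED_HOST` and every sample address are constructed for illustration.

```javascript
// Added example: origin check in the style of a password manager's URL match.
// EXPECTED_HOST and all sample strings below are constructed for illustration.
const EXPECTED_HOST = "accounts.google.com";

function checkLoginUrl(addressBarText, expectedHost = EXPECTED_HOST) {
  const text = addressBarText.trim();
  // True when the trusted name appears anywhere in the string, which is
  // all that a quick glance at the address bar verifies.
  const mentionsHost = text.toLowerCase().includes(expectedHost);

  let url;
  try {
    url = new URL(text);
  } catch (e) {
    return { ok: false, reason: "unparseable", mentionsHost };
  }
  // A data: URI carries the whole page inside the address bar and has no
  // host, so nothing after "data:" says where the content came from.
  if (url.protocol === "data:") {
    return { ok: false, reason: "data-uri", mentionsHost };
  }
  if (url.protocol !== "https:") {
    return { ok: false, reason: "not-https", mentionsHost };
  }
  // Exact hostname comparison; substring or prefix matching is not enough.
  if (url.hostname !== expectedHost) {
    return { ok: false, reason: "host-mismatch", mentionsHost };
  }
  return { ok: true, reason: "match", mentionsHost };
}

// Constructed sample addresses (not taken from a real message).
const samples = [
  "https://accounts.google.com/signin",
  "data:text/html,https://accounts.google.com/signin   <!-- constructed placeholder body -->",
  "https://accounts.google.com.login.example/signin",
  "http://accounts.google.com/signin",
];
for (const s of samples) {
  const r = checkLoginUrl(s);
  console.log(r.reason.padEnd(14), "mentionsHost=" + r.mentionsHost, s.slice(0, 60));
}
```

    Every rejected sample still reports `mentionsHost=true`, which is why reading the address bar for the familiar name is not a reliable check while an exact scheme and host comparison is.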
  2.    18 Jan 2017 #2
    Join Date : Oct 2014
    Trnava
    Posts : 2,866
    Windows 10.4 Home 1709 x64

    All the articles on internet write about it, but with the most important piece of information missing.
    Not a single screenshot, what to look for, just guesses. That is sooo helpful to prevent it.
  3.    18 Jan 2017 #3
    Join Date : Feb 2016
    Maribor, Slovenia
    Posts : 8,960
    Windows 10 (Pro and Insider Pro)
    Thread Starter

    Quote Originally Posted by TairikuOkami View Post
    All the articles on internet write about it, but with the most important piece of information missing.
    Not a single screenshot, what to look for, just guesses. That is sooo helpful to prevent it.
    Mail will always look different (and legitimate). That's what makes it so dangerous (IMHO)

    Only picture that is really important is login screen with that text in address bar...
  4.    18 Jan 2017 #4
    Join Date : Oct 2013
    South Australia
    Posts : 674
    macSierra

    This is why two-factor authentication is so important for Gmail, and indeed all other, mail providers.
  5.    18 Jan 2017 #5
    Join Date : Oct 2014
    Trnava
    Posts : 2,866
    Windows 10.4 Home 1709 x64

    Quote Originally Posted by AndreTen View Post
    Only picture that is really important is login screen with that text in address bar...
    That is what I am talking about. They say it shows as encrypted within the green bar; well, I will just have to imagine it.

    Quote Originally Posted by Golden View Post
    This is why two-factor authentication is so important for Gmail, and indeed all other, mail providers.
    As long as it is not mandatory, I will never use two-factor authentication, I do not want to lose access to my emails.
  6.    18 Jan 2017 #6
    Join Date : Feb 2016
    Maribor, Slovenia
    Posts : 8,960
    Windows 10 (Pro and Insider Pro)
    Thread Starter

    Quote Originally Posted by TairikuOkami View Post
    That is what I am talking about. They say it shows as encrypted within the green bar; well, I will just have to imagine it.


    As long as it is not mandatory, I will never use two-factor authentication, I do not want to lose access to my emails.
    Picture is in the first post..


    I'm using two factor auth. Not very happy about it, but risk is too high lately.
  7.    18 Jan 2017 #7

    I am not the kind that can spot what is fake and what is legit... I should pay more attention. I've never been a victim before.

    Should I also do the 2 step verification?
  8.    18 Jan 2017 #8
    Join Date : Feb 2016
    Maribor, Slovenia
    Posts : 8,960
    Windows 10 (Pro and Insider Pro)
    Thread Starter

    Quote Originally Posted by Pathfinder View Post
    I am not the kind that can spot what is fake and what is legit... I should pay more attention. I've never been a victim before.

    Should I also do the 2 step verification?
    When typing passwords, green sign for lock should be in the beginning of the address bar. Most of the users don't pay attention.

    Password managers like LastPass or KeePass are good solutions for situations like this. 2 step verification is also a good solution, but it is not 100 % - a bit more advanced attack can intercept the code from the 2nd step.
  9.    19 Jan 2017 #9
    Join Date : Oct 2013
    Standish, Lancashire
    Posts : 6,028
    Windows 10 Pro x64

    Quote Originally Posted by Pathfinder View Post
    I am not the kind that can spot what is fake and what is legit... I should pay more attention. I've never been a victim before.

    Should I also do the 2 step verification?
    Everybody should use two-factor authentication if it's available, and care about your security.
  10.    19 Jan 2017 #10
    Join Date : Oct 2013
    A Finnish expat in Germany
    Posts : 12,976
    Windows 10 Pro

    Quote Originally Posted by TairikuOkami View Post
    As long as it is not mandatory, I will never use two-factor authentication, I do not want to lose access to my emails.
    I won't say your comment is utterly stupid as I said in my reply to you last time only a couple of weeks ago when I saw you post this same comment in another thread. The reason I won't say it now is because then your post and my reply got binned by mods. Trying now to find other words to say the same staying within forum rules:

    I hope our members possibly seeing your comment understand how utterly nonsense it is. Two step authentication when set up correctly never means you lose access to your emails and / or account.

    Two-Step Authentication by Google:

    You can set up an authenticator app on a smart phone and print / write to a note 10 single use security codes, in addition to adding as many mobile and fixed net phone numbers as you wish as two-step authentication devices:


    Windows Phone users, you can't use Google's own authenticator app but there's a really good alternative in Windows Store called AuthenticatorG. I use it for Google and YouTube authentication, it works flawlessly.

    Two-Step Authentication by Microsoft:

    In addition to authenticator app, add as many email addresses, mobile and fixed net phone numbers as you want to:


    Both Google and Microsoft and as far as I know most other services allow you to select a device as trusted one, meaning the code will not be asked on that device until you "un-trust" it, in which case the code would be asked again next time and you could again choose to trust the device or not.

    Using myself as an example, as I have the authenticator apps for both Google and Microsoft on smartphone, me losing access to Google would mean that I've lost access to my trusted devices (an Android tablet and a laptop), home phone, mobile phone and at the same time lost the note I keep in my wallet with those 10 single use security codes. I would call this scenario impossible.

    The same with Microsoft account. Microsoft allows even additional email address to be set up as a means to receive security codes. Again impossible scenario, me losing access to phones, authenticator app, trusted laptops and all additional security emails at the same time.

    I hope my choice of words this time helps to keep your bad advice and my reply here, that they would not be binned because I think it is important that our members and visitors alike get correct information.

    One personal recommendation to you, polite and in all friendliness: It is never a good idea to post anything that could be taken as advice on subjects you know nothing about.

    Kari