As users become more aware of the methods that scammers use to phish information, the scammers continue to get creative. The newest method gaining traction targets Gmail users all over the globe. Security experts warn that it may have a significant impact on people who use Gmail.
Using legitimate Gmail links, these scammers lure unsuspecting users into clicking links that redirect them to websites where the scammers can steal the users' information.
Ivan Konovalov, the Customer Success Manager of Semalt, provides some ways through which users can reduce the risk of falling victim to such phishing scams. The following is a list of things you need to know.
Wordfence unearthed the Gmail phishing scam, and one of its blog posts details how the scam works. Scammers target the Gmail accounts that users have with Google and send them a large number of emails. They use different strategies to try to dupe the user into providing their information. Among the most common methods are including a link or an attachment, or disguising themselves as a contact or company familiar to the user.
Upon clicking, the user is redirected to a page that closely resembles the real Gmail site and asks the user to enter their login details one more time to gain access. What users may not know is that this new page is in fact a portal through which hackers harvest passwords and email addresses. These give the hackers full access to the user's account and let them lock the user out. With complete control of the account, they then send the malware by email to the contacts they find on that account. Security experts advise online users never to use the same logins and passwords for multiple sites, as the hackers may use brute force to access other sites of which one is currently a member.
Google confirms that the issue is relevant and has considered the matter. Currently, the company is looking into newer ways to strengthen its defenses against cyber criminals who use such tactics.
In an interview with Express.co.uk, one of Google's spokespersons gave a list of ways in which the company helps protect users from phishing attacks. Among them were safe browsing warnings, machine learning based detection, preventing suspicious account logins and much more. All of these aim to prevent unauthorized entry or detect messages already flagged as phishing scams. There is also a two-step verification process that users can enable to improve their protection.
If one believes that there are potential phishing emails in their inbox, there are ways to reduce the risk of data compromise. If the second login page that appears after clicking on a link displays a web domain that is different from the legitimate one, then it is no doubt a scam. The reason is that hackers use a "data URI", which inserts a legitimate address into the fake domain. However, in between are white spaces where they hide their malicious link. The only way that users can remain safe is to make sure that nothing comes in front of the hostname other than "https://".
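The address-bar check described above, written out as a small JavaScript function. This is an added example, not code from Wordfence or Google; the expected hostname `accounts.google.com`, the function name and the sample strings are assumptions constructed for illustration.

```javascript
// Added example: classify an address-bar string before credentials are typed.
// EXPECTED_HOST and SAMPLES are assumptions constructed for illustration.
const EXPECTED_HOST = "accounts.google.com";
const PADDING_RUN = /(\s|%20){8,}/; // long run of raw or encoded white space

const SAMPLES = {
  legit: "https://accounts.google.com/ServiceLogin?service=mail",
  // Inert stand-in for the pattern in the text: decoy address, padding, hidden part.
  dataUri: "data:text/html,https://accounts.google.com/ServiceLogin?service=mail" +
    " ".repeat(200) + "[hidden content placeholder]",
  lookalike: "https://accounts.google.com.login.example/ServiceLogin",
};

function checkLoginAddress(addressBar) {
  const findings = [];
  const trimmed = String(addressBar).trim();
  const schemeMatch = /^([a-z][a-z0-9+.-]*):/i.exec(trimmed);
  const scheme = schemeMatch ? schemeMatch[1].toLowerCase() : null;

  // Rule from the text: nothing may precede the hostname except "https://".
  if (!/^https:\/\//i.test(trimmed)) {
    findings.push(`address does not start with https:// (scheme: ${scheme ?? "none"})`);
  }
  if (scheme === "data") {
    findings.push("data URI: the page content is carried in the address itself");
    if (/https?:\/\//i.test(trimmed.slice(5))) {
      findings.push("data URI embeds a legitimate-looking address as decoy text");
    }
  }
  if (PADDING_RUN.test(trimmed)) {
    findings.push("long white-space run can push trailing content out of view");
  }
  // Only a real https URL has a hostname worth comparing.
  if (scheme === "https") {
    try {
      const host = new URL(trimmed).hostname;
      if (host !== EXPECTED_HOST) findings.push(`hostname is ${host}, expected ${EXPECTED_HOST}`);
    } catch {
      findings.push("address is not a parseable URL");
    }
  }
  return { safe: findings.length === 0, findings };
}

for (const [name, value] of Object.entries(SAMPLES)) {
  console.log(name, JSON.stringify(checkLoginAddress(value), null, 2));
}
```

The hostname comparison is exact on purpose: a different domain that merely begins with the expected name is reported as a mismatch.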