Keep your eyes peeled, guys. There’s a new phishing scam targeting Gmail users: it fakes a Gmail login page to get you to enter your username and password. Over the past few months this scam has been gaining attention, and it is very deceptive, using a few tricks that can easily go undetected.
So how does the process work? It starts with the attacker sending the victim an email disguised as coming from a trusted contact. The email carries what appears to be a harmless PDF attachment, but the “attachment” is actually an embedded image crafted to look like a PDF. Clicking on it links out to a fake Google login page that looks very convincing. Perhaps the biggest red flag that you are on a fake page is the URL in the address bar, which begins with the prefix “data:text/html” rather than a normal web address.
Once the user enters their username and password, that’s it: their credentials are captured. On top of that, once attackers have access to a person’s inbox, they can survey the account and dig through past emails, attachments and contacts. With a convincing subject line and a new fake attachment sent to those contacts, the cycle continues.
Google is currently aware of this issue. In the meantime, what you can do to avoid falling for this scheme is to check the URL in your address bar before entering your credentials: look for the “https://” prefix and the lock symbol, and be wary of anything that starts with “data:” instead. And if you receive a suspicious email from a friend, be sure to check with them first!
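To make the address-bar check above concrete, here is an added example (not code from the original post or from the Wordfence article) that classifies what a user reports seeing in the address bar. The function name `classifyLoginUrl`, the verdict labels, and the sample URLs are all constructed for this illustration; the only real host it trusts is `accounts.google.com`, Google’s genuine sign-in host. A helpdesk or awareness team could run it over URLs pasted into phishing reports.

```javascript
// Added example: classify an address-bar string before trusting a "Google login" page.
// Not a browser API and not from the original post; the names and sample data are constructed.

// The only host that should ever be asking for a Google password (real Google sign-in host).
const TRUSTED_LOGIN_HOSTS = new Set(["accounts.google.com"]);

// Returns { verdict, reason } where verdict is "ok", "suspicious" or "phishing".
function classifyLoginUrl(raw) {
  const s = String(raw).trim(); // the scam pads the address with whitespace, so trim first

  // The red flag from the post: the whole "page" is a data: URI, so no real server is involved.
  if (/^data:/i.test(s)) {
    return { verdict: "phishing", reason: "address bar shows a data: URI instead of a web address" };
  }

  let u;
  try {
    u = new URL(s); // WHATWG URL parser, built into Node and browsers
  } catch {
    return { verdict: "suspicious", reason: "not a parseable URL" };
  }

  // The post's advice: look for https:// and the lock symbol.
  if (u.protocol !== "https:") {
    return { verdict: "suspicious", reason: `scheme is ${u.protocol} rather than https:` };
  }

  const host = u.hostname.toLowerCase();
  if (TRUSTED_LOGIN_HOSTS.has(host)) {
    return { verdict: "ok", reason: "https to the genuine Google sign-in host" };
  }

  // Anything else that name-drops "google" but is not the real host is a lookalike.
  if (host.includes("google")) {
    return { verdict: "suspicious", reason: `lookalike host ${host}` };
  }
  return { verdict: "suspicious", reason: `unexpected host ${host} for a Google login` };
}

// Constructed sample reports, as a user might paste them from the address bar.
const SAMPLE_REPORTS = [
  "https://accounts.google.com/ServiceLogin",
  "data:text/html,<constructed placeholder for the fake login page>",
  "   DATA:text/html,<constructed placeholder>", // padded and upper-cased variant
  "http://accounts.google.com/ServiceLogin",     // no https, no lock symbol
  "https://accounts.google.com.example.test/",   // constructed lookalike host
  "not a url at all",
];

// Summarise a batch of reports as counts per verdict.
function summarise(reports) {
  const counts = { ok: 0, suspicious: 0, phishing: 0 };
  for (const r of reports) counts[classifyLoginUrl(r).verdict] += 1;
  return counts;
}

for (const r of SAMPLE_REPORTS) {
  const { verdict, reason } = classifyLoginUrl(r);
  console.log(`${verdict.padEnd(10)} ${reason}  <- ${JSON.stringify(r)}`);
}
console.log(summarise(SAMPLE_REPORTS));
```

The `data:` test runs before URL parsing on purpose: the parser would accept the string as a valid URL with an empty host, and the point for a user is simply that a login page should never live in a `data:` address at all.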
For more information check out this more detailed article from the Wordfence blog: https://www.wordfence.com/blog/2017/01/gmail-phishing-data-uri/