Google is warning of a new email phishing scam that directs users to what looks like a Google sign-in page, in order to steal the user's login details and then harvest the details and passwords of the user's contacts.
The scam is extremely well designed. It starts with the scammer sending an email to your Gmail address that appears to come from one of your contacts. The email asks the reader to take a look at an attached file, usually a PDF or Word document. The email and the attachment may well seem legitimate because they come from one of your contacts, but clicking on the document opens a new page in a new tab that prompts you to sign in to your Gmail account again.
Of course, you absolutely shouldn't try to sign in again, as this is actually a fake page that mimics Google's authentic sign-in page. Entering your details here hands them to the scammer, who not only steals your personal information but can then try to scam your contacts too.
The scam works because the attached document is, in fact, not a document at all but an embedded image made to look like one. Clicking on it redirects you to the fake sign-in page instead of downloading the file, which is what would normally happen.
Luckily there are ways to spot the scam. The best way is to always check the browser address bar before trying to log in. The sign-in page that users are directed to looks legitimate, with the same logo, text boxes, and tagline. But the address bar is the tell-all: the page is a data URI that begins with "data:text/html", not a URL that begins with "https://".
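The address-bar check above can be expressed as a small piece of logic, shown here as an added example that is not part of the original article. It parses whatever string the address bar shows and accepts only an https page on accounts.google.com (the real Google sign-in host; treating it as the only acceptable host is this example's own choice). The sample address-bar strings are constructed for illustration; one of them is a data: URI whose body merely contains the text "accounts.google.com", which shows why the check must look at the scheme rather than search for the hostname as a substring.

```javascript
// Added example, not code from the article or from Google.
// Classify an address-bar string as the genuine sign-in origin or something to distrust.
const EXPECTED_SIGNIN_HOST = "accounts.google.com"; // allow-list chosen for this example

function classifySignInLocation(href) {
  let url;
  try {
    url = new URL(href); // WHATWG parser handles data: and https: alike
  } catch (e) {
    return { verdict: "unparseable", reason: "address bar does not hold a valid URL" };
  }
  if (url.protocol === "data:") {
    // The scam page lives entirely inside the address bar as data:text/html.
    // A real sign-in page is never served from a data: URI.
    return { verdict: "phishing", reason: "data: URI in the address bar" };
  }
  if (url.protocol !== "https:") {
    return { verdict: "suspicious", reason: `scheme is ${url.protocol}, not https:` };
  }
  if (url.hostname !== EXPECTED_SIGNIN_HOST) {
    // Note: a look-alike such as accounts.google.com.example.net fails here too,
    // because hostname comparison is exact rather than a substring match.
    return { verdict: "suspicious", reason: `host ${url.hostname} is not ${EXPECTED_SIGNIN_HOST}` };
  }
  return { verdict: "ok", reason: `https page on ${EXPECTED_SIGNIN_HOST}` };
}

// Constructed sample address-bar contents (not captured from a real incident).
const SAMPLE_LOCATIONS = [
  "https://accounts.google.com/ServiceLogin",
  "data:text/html,<h1>Sign in</h1><form>...</form>",
  // data: URI whose body contains the real hostname as plain text
  "data:text/html,https://accounts.google.com/ServiceLogin                <script>/*...*/</script>",
  "http://accounts.google.com/ServiceLogin",
  "https://accounts.google.com.example.net/ServiceLogin",
  "not a url at all",
];

// Returns one verdict per sample, in order, so the result can be checked programmatically.
function scanSamples(locations = SAMPLE_LOCATIONS) {
  return locations.map((href) => ({ href, ...classifySignInLocation(href) }));
}

for (const r of scanSamples()) {
  console.log(`${r.verdict.padEnd(11)} ${r.href.slice(0, 60)}  (${r.reason})`);
}
```

A naive check such as `href.includes("accounts.google.com")` would accept the third sample, because the scam's data: URI can carry any text it likes after the comma; inspecting the scheme first is what makes the check robust.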
Google has also recently released Chrome 56.0.2924, which helps spot such fake forms: with the update, the location bar shows "Not Secure" when you view a data URL, making phishing pages easier to recognise. Users on laptop and desktop computers can also hover their cursor over the attachment to check its URL before clicking.