A warning to all the Gmail users to be aware of a new online scam which can target your Gmail account, a group of hackers are targeting Gmail accounts and they are being termed as Gmail phishing. The scam is so convincing that even technology savvy users are getting fooled.
Mark Maunder the CEO of WordPress security Wordfence has discovered the scam. According to Maunder the scam has even managed to convince even "experienced technical users".
The way this scam works is that a person would receive an email to his Gmail account, which will be most likely from a person he knows, whose account is already been hacked by the same process, the email will contain an attachment which would look like that something the person has previously sent to the contact and also will have a relevant subject line.
Once the person clicks on the attachment, a new tab will be opened which will prompt you to sign into Gmail again, and once the person signs in, he will then fall in the trap which is laid by the hacker and unknowingly give away his password.
Once the attacker gets access to the person’s Gmail account, the attacker gains total access to the person’s account, with entire mails send and received, once they get the access, they can compromise all the services that the person uses by using the password reset mechanism including other email accounts and more.
How to be aware of the attack
When you sign-in to any service, check the location bar of the browser location and then verify the protocol and verify the hostname. Make sure that there is nothing before the hostname 'accounts.google.com' other than 'https://' and the lock symbol. You should also take special note of the green color and lock symbol that appears on the left. If you can't verify the protocol and verify the hostname, stop and consider what you just clicked on to get to that sign-in pages.
AMandeep