Beware! Gmail users, don’t fall for this mail attachment scam – A crafty new phishing mail is doing the rounds — it looks convincingly legit but completely isn’t.
Beware of emails that resemble the real deal but aren’t.
Most of us are aware that it is never a good idea to open an email attachment that appears to come from a dubious source. Whether they carry a virus that could disable your computer or a rootkit that could enable external attackers to gain access to your system, email attachments are often the first point of entry for compromising a device. But scammers are getting ever more clever: a recent phishing email has been doing the rounds among Gmail users, showing what looks to be an attachment within the body of the mail but is in reality just an embedded image. Clicking this image takes the user to a fake ‘sign in with Google’ page.
From then on, it’s the usual modus operandi of asking for your sign-in password, which an attacker can then use to gain access to your account. Another giveaway on this page is the address, which shows up as ‘data:text/html’ instead of the regular HTTPS-secured URL normally expected on a Google sign-in page. Browsers like Chrome v56 do display a ‘Not Secure’ message when encountering such pages, but these details, innocuous as they seem, are easy for regular users to miss.
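The two giveaways described above (an image posing as an attachment, and a sign-in address that is not an HTTPS URL) can be checked mechanically. The following is an added example, not code from the article: it assumes the genuine sign-in host is accounts.google.com, and the function names, the `mail-preview.example` host and the sample HTML are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

SIGNIN_HOSTS = {"accounts.google.com"}  # assumption: genuine sign-in host

def is_genuine_signin(address):
    """True only for an HTTPS address on a known sign-in host."""
    parts = urlsplit(address.strip())
    return parts.scheme.lower() == "https" and parts.hostname in SIGNIN_HOSTS

def link_risk(href):
    """Classify a link target by scheme: 'data-uri', 'not-https' or 'https'."""
    scheme = urlsplit(href.strip()).scheme.lower()
    # A data: URI carries the page inside the URL itself: no server, no TLS.
    return {"data": "data-uri", "https": "https"}.get(scheme, "not-https")

class ImageLinkFinder(HTMLParser):
    """Collect links whose only visible content is an image."""
    def __init__(self):
        super().__init__()
        self.href = None  # href of the <a> being parsed, if any
        self.has_img = self.has_text = False
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href = dict(attrs).get("href") or ""
            self.has_img = self.has_text = False
        elif tag == "img" and self.href is not None:
            self.has_img = True

    def handle_data(self, data):
        if self.href is not None and data.strip():
            self.has_text = True

    def handle_endtag(self, tag):
        if tag == "a" and self.href is not None:
            if self.has_img and not self.has_text:
                self.findings.append((self.href, link_risk(self.href)))
            self.href = None

def scan_email_html(html):
    finder = ImageLinkFinder()
    finder.feed(html)
    finder.close()
    return finder.findings

# Constructed sample body (not taken from a real message).
SAMPLE_HTML = """<a href="http://mail-preview.example/open?id=1"><img src="cid:t1" alt="invoice.pdf"></a>
<a href="https://accounts.google.com/">Account settings</a>"""
```

`scan_email_html(SAMPLE_HTML)` reports only the image-only link, and `is_genuine_signin` rejects a `data:text/html` address because the scheme and host are parsed rather than matched as substrings.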
To avoid falling prey to these phishing attempts, remember to be wary about clicking on attachments even if they are from trusted sources: your contact’s account could have been infected, causing it to send you an infected mail. Open attachments only if you have been explicitly expecting a file from a trusted contact. Also, be mindful of browser alerts. Finally, where available, enable 2-step verification to add an additional layer of security to your account.