Beware of ‘highly effective’ Gmail phishing scam

My recommendation is not only to change your password, but also to add 2-Step authentication. It’s what I do for my account.

Be careful what you click on, Gmail users.

An Internet security expert is warning users of the popular email service about a “highly effective” phishing scam that grants hackers access to personal information.

The newly discovered scam is said to be particularly deceptive because hackers have been using familiar Gmail pages to disguise their underlying attack.

“The way the attack works is that an attacker will send an email to your Gmail account,” Mark Maunder, founder of WordPress security firm Wordfence, wrote in a blog post published last week.

“That email may come from someone you know who has had their account hacked using this technique. It may also include something that looks like an image of an attachment you recognize from the sender.

“You click on the image, expecting Gmail to give you a preview of the attachment. Instead, a new tab opens up and you are prompted by Gmail to sign in again.”

At this point, the deception takes effect: the hacker gains access to your information as soon as you sign in.

“Once they have access to your account, the attacker also has full access to all your emails including sent and received at this point and may download the whole lot,” Maunder added.

“Now that they control your email address, they could also compromise a wide variety of other services that you use by using the password reset mechanism including other email accounts.”

Maunder goes on to explain how to protect yourself against attacks.

For more information, you can read his entire blog post here.