
New type of phishing attack on Gmail fools even savvy users

Tuesday 17 January 2017 11:18 CET | News

Security experts have recently discovered a new, highly effective phishing campaign targeting Gmail users.

As soon as a victim submits a password, the criminals log in to the victim's Gmail account. They then start gathering information to launch secondary attacks: they look for an attachment that the victim has previously sent to his or her contacts and a relevant subject line from an actual sent email. Then they gather up contact email addresses.
Those addresses become the new targets, and as a result the phishing emails come from someone the victim knows. The cybercriminals send a message with a thumbnailed version of the attachment. When clicked, it does not open the Gmail previewer; instead, a convincing Gmail login box is displayed.

According to Forbes, victims might not notice because of a clever trick employed by this attack. Instead of sending potential victims to a website that could be blocked by protections like Google's Safe Browsing system, clicking the attachment loads a full web page's worth of code into the browser's address bar.

In order to defeat the fraud, users are encouraged to enable two-factor authentication in Gmail. Unless the attackers have access to that second factor -- say, your phone or a USB cryptographic key -- stealing your password will not allow them to access your account.

Commenting on this, Bert Rankin, Lastline, said: “Unfortunately, constantly evolving and improving phishing attacks are now a way of online life for all of us. For those enterprise IT administrators with the mission of protecting the organization, education of the employees is not enough. It takes just one accidental well-meaning click on a malicious email to inflict irrevocable damage to the whole of the organization. In addition to employee education and awareness about how phishing attacks work and how to check a suspicious email, it is an imperative that IT put filtering mechanisms in place that use technology - not people - to sort, test and eliminate such malicious emails before they even have a chance to test the eyes of the employees.”
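
A mail filter can flag the address-bar trick described above mechanically. The following is an added example, not code from the article or from Lastline; it assumes the page loaded into the address bar is delivered as a `data:` URL (a detail the article does not spell out), and `scan_html_body`, `verdict` and the sample message body are constructed for illustration.

```python
from html.parser import HTMLParser

# Schemes that carry the document inside the URL itself, so there is no
# host name for a URL-reputation blocklist to look up.
INLINE_SCHEMES = {"data", "javascript"}
URL_ATTRS = {"href", "src", "action"}

class InlineLinkFinder(HTMLParser):
    """Collects (tag, attribute, scheme, media_type) for inline-document URLs."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name not in URL_ATTRS or not value:
                continue
            # Browsers drop tabs/newlines and surrounding spaces before
            # parsing a URL, so normalise the same way before matching.
            cleaned = "".join(c for c in value if c not in "\t\r\n").strip()
            scheme, sep, rest = cleaned.partition(":")
            scheme = scheme.lower()
            if not sep or scheme not in INLINE_SCHEMES:
                continue
            media = ""
            if scheme == "data":
                # data:[<mediatype>][;base64],<payload>; default is text/plain
                header = rest.split(",", 1)[0]
                media = header.split(";", 1)[0].strip().lower() or "text/plain"
            self.findings.append((tag, name, scheme, media))

def scan_html_body(html_body):
    finder = InlineLinkFinder()
    finder.feed(html_body)
    finder.close()
    return finder.findings

def verdict(html_body):
    # Inline images on <img> are common in legitimate mail; a clickable
    # link or form target that is itself a document is not.
    risky = [f for f in scan_html_body(html_body)
             if not (f[0] == "img" and f[3].startswith("image/"))]
    return ("quarantine" if risky else "deliver"), risky

# Constructed sample body: one ordinary link, one inline image, and one
# thumbnail wrapped in a link whose target is an inline HTML document.
SAMPLE_BODY = """<a href="https://mail.example.com/attachment/1">report.pdf</a>
<img src="data:image/png;base64,iVBORw0KGgo=">
<a href=" DaTa:text/html,&lt;h1&gt;constructed sample&lt;/h1&gt;"><img src="https://mail.example.com/thumb.png"></a>"""
```

On the sample body, `verdict(SAMPLE_BODY)` quarantines the message because of the linked thumbnail, while the inline PNG alone would be delivered.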



Keywords: phishing attack, Gmail, users, accounts, security, fraud, Bert Rankin, Lastline
Categories: Fraud & Financial Crime
Countries: World