
Don't Fall for This Sophisticated Gmail Phishing Scam

To protect yourself against this attack, you will need to pay close attention to your browser's location bar.

By Angela Moscaritolo
January 18, 2017

Heads up, Gmail users: a new phishing attack is making the rounds and it's fooling even technically-savvy, security-conscious users.

The ruse aims to steal usernames and passwords for Gmail and other services, and "is being used right now with a high success rate," according to Mark Maunder, CEO of WordPress security plugin Wordfence, who described the campaign in detail.

Like other phishing attacks, this one starts with an email. Instead of a random person, the email may appear to have been sent by someone you know, and it may include an image of an attachment you recognize from the sender.

"You click on the image, expecting Gmail to give you a preview of the attachment. Instead, a new tab opens up and you are prompted by Gmail to sign in again."

[Image: Gmail phishing scam sign-in prompt]

The location bar says "accounts.google.com" so it seems legit.

[Image: Google Accounts phishing scam address bar]

Once you sign in, the attackers have full access to your account.

Google did not immediately respond to PCMag's request for comment, but told Maunder it is aware of the issue and is working to improve its defenses against it.

"We help protect users from phishing attacks in a variety of ways, including: machine learning based detection of phishing messages, Safe Browsing warnings that notify users of dangerous links in emails and browsers, preventing suspicious account sign-ins, and more. Users can also activate two-step verification for additional account protection," Aaron Stein from Google Communications told Maunder.

Once the attacker gains access to your account, they immediately log in and find one of your actual attachments, plus one of your actual subject lines, and send it to people on your contact list to further the scam and compromise more accounts. Maunder said the attackers have either automated the scheme, or they have "a team standing by to process accounts as they are compromised."

"Once they have access to your account, the attacker also has full access to all your emails including sent and received at this point and may download the whole lot," he warned. "Now that they control your email address, they could also compromise a wide variety of other services that you use by using the password reset mechanism."

Maunder said some users have claimed the attack can even bypass two-factor authentication, though he has not been able to confirm this. As Google notes in its statement, it's still a good idea to have two-factor authentication enabled, as it makes your account much harder to compromise.

To protect yourself against this attack, Maunder said you will need to pay close attention to your browser's location bar when you're signing into Gmail. The location bar should begin with "https://accounts.google.com", and if you see this and only this, you should be good to go. In this attack, the address in the location bar will include "data:text/html," before the usual "https://accounts.google.com". That prefix means the page is not being served by Google at all: the URL's scheme is data:, and everything after the comma, including the text "https://accounts.google.com", is page content supplied by the attacker that the browser renders directly, so the familiar hostname is a decoy rather than the page's real origin.
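As an added illustration (not code from PCMag or Wordfence), the check described above expressed as a small classifier: it parses the location-bar string the way a browser does, flags any data: URL that merely contains the text "accounts.google.com", and goes one step further than the article by also rejecting non-https schemes and hosts that only resemble the login host. The sample strings are constructed for the demonstration.

```javascript
// Added example: classify what the location bar shows on a "Gmail sign-in" prompt.
// The genuine sign-in page is served from the https origin accounts.google.com.
// In the attack described in the article the URL's scheme is "data:", and the
// string "https://accounts.google.com" is just text inside the data payload.
const LOGIN_HOST = "accounts.google.com";

function classifyLocation(locationBar) {
  let url;
  try {
    url = new URL(locationBar.trim());
  } catch (e) {
    return { verdict: "unparseable", reason: "location bar is not a valid URL" };
  }
  // A data: URL has no host: the browser renders whatever follows the comma, so any
  // "accounts.google.com" appearing in it is attacker-supplied content, not the origin.
  if (url.protocol === "data:") {
    const mentionsLogin = locationBar.includes(LOGIN_HOST);
    return {
      verdict: "phishing-suspected",
      reason: mentionsLogin
        ? `data: URL embedding the text "${LOGIN_HOST}"; the real origin is the data URL itself`
        : "data: URL presented as a sign-in page",
    };
  }
  if (url.protocol !== "https:") {
    return { verdict: "suspicious", reason: `scheme is ${url.protocol}, expected https:` };
  }
  // Generalisation beyond the article: a host that only contains the login host name
  // (a lookalike subdomain on some other domain) is not the real origin either.
  if (url.host !== LOGIN_HOST) {
    return { verdict: "suspicious", reason: `host is ${url.host}, expected ${LOGIN_HOST}` };
  }
  return { verdict: "genuine-origin", reason: `https origin ${url.host}` };
}

// Constructed sample location-bar strings (not captured from a real campaign).
const SAMPLES = [
  "https://accounts.google.com/signin/v2/identifier?service=mail",
  "data:text/html,https://accounts.google.com/ServiceLogin <html>constructed fake form</html>",
  "http://accounts.google.com/signin",
  "https://accounts.google.com.example.invalid/signin",
];

for (const s of SAMPLES) {
  console.log(classifyLocation(s).verdict.padEnd(18), "<-", s.slice(0, 60));
}
```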

Maunder noted that "there is no sure way to check if your account has been compromised" by this attack. If you think you might have fallen victim, change your password right away. In Gmail, you can also review your recent login activity to see whether someone else has signed into your account: click "Details" at the bottom of your inbox.
