Security researchers at Wordfence have discovered a dangerous phishing attack that targets users of Gmail and other services.
In its blog post, the security firm detailed how the scam works. First, an attacker, disguised as a trusted contact, will send an email to a prospective victim. Included in the email is an image disguised as a regular attachment.
Clicking on the attachment will lead to a fully functional Google sign-in page. Once a victim enters login credentials, the attacker will be able to capture the information needed to steal the account.
The firm advises users to check the location bar before signing in to avoid phishing attacks. “Make sure there is nothing before the hostname ‘accounts.google.com’ other than ‘https://’ and the lock symbol,” Wordfence said.
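The location-bar check Wordfence describes can also be written as code. The following is an added example, not code from Wordfence or Google: it parses a URL and accepts it only when the scheme is `https:` and the hostname is exactly `accounts.google.com`, and contrasts that with a naive substring match. The sample URLs, the `login.example` placeholder domain and the function names are constructed for illustration.

```javascript
// Added example (not from Wordfence or Google): strict sign-in URL check.
const EXPECTED_HOST = 'accounts.google.com';

// Naive check: passes any string that merely contains the hostname.
function naiveCheck(raw) {
  return raw.includes(EXPECTED_HOST);
}

// Strict check: parse the URL and require https:// directly followed by
// the exact hostname, with nothing in between.
function checkSignInUrl(raw) {
  let url;
  try {
    url = new URL(raw);
  } catch (err) {
    return { ok: false, reason: 'not a parseable URL' };
  }
  if (url.protocol !== 'https:') {
    return { ok: false, reason: 'scheme is not https' };
  }
  if (url.username !== '' || url.password !== '') {
    return { ok: false, reason: 'text before the hostname (userinfo)' };
  }
  if (url.hostname !== EXPECTED_HOST) {
    return { ok: false, reason: 'hostname is ' + url.hostname };
  }
  return { ok: true, reason: 'https and exact hostname' };
}

// Constructed sample URLs; login.example is a reserved placeholder domain.
const SAMPLES = [
  'https://accounts.google.com/ServiceLogin',
  'http://accounts.google.com/ServiceLogin',
  'https://accounts.google.com.login.example/ServiceLogin',
  'https://accounts.google.com@login.example/ServiceLogin',
  'https://login.example/accounts.google.com/ServiceLogin',
];

for (const raw of SAMPLES) {
  const { ok, reason } = checkSignInUrl(raw);
  console.log(`${ok ? 'PASS' : 'FAIL'}  naive=${naiveCheck(raw)}  ${raw}  (${reason})`);
}
```

Every sample contains the string `accounts.google.com`, so the naive check accepts all five, while the strict check accepts only the first.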
Google has told the firm that it is aware of the issue and promised that it will work on ways to protect users from phishing attacks.