New type of phishing attack on Gmail fools even savvy users
Published: Tuesday 17 January 2017 | 11:18 AM CET, The Paypers

A highly effective new phishing campaign targeting Gmail users has recently been discovered by security experts.

As soon as a victim submits a password, the criminals log in to the victim's Gmail account. They then start gathering information to launch secondary attacks: they look for an attachment that the victim has previously sent to his or her contacts and a relevant subject line from an actual sent email, and then gather up contact email addresses.

Those addresses become the new targets, so the phishing emails appear to come from someone the victim knows. The cybercriminals send a message with a thumbnail version of the attachment. When clicked, it does not open the Gmail previewer; instead, a convincing Gmail login box is displayed.


According to Forbes, victims might not notice because of a clever trick employed by this attack. Instead of sending potential victims to a website that could be blocked by protections like Google's SafeBrowsing system, clicking the attachment loads a full web page's worth of code into the browser's address bar.
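A mail filter can look for this pattern before a message reaches the inbox. The following is an added example, not code from the article or from any vendor it mentions; it assumes the page loaded into the address bar is carried as a `data:` (or `javascript:`) URL in the message's HTML, a mechanism the article does not name, and the function names are hypothetical.

```python
import re
from html.parser import HTMLParser

# Schemes that carry the page content inside the URL itself, so there is
# no remote host for a URL-reputation service to look up (assumption:
# the lure described in the article uses one of these).
INLINE_SCHEMES = {"data", "javascript"}
URL_ATTRS = {"href", "src", "action", "formaction"}

def url_scheme(url):
    """Return the lowercased scheme roughly as a browser would parse it, or None."""
    # Browsers drop tab/CR/LF anywhere in a URL and ignore leading
    # control characters and spaces before reading the scheme.
    cleaned = re.sub(r"[\t\r\n]", "", url).lstrip("".join(map(chr, range(0x21))))
    m = re.match(r"([A-Za-z][A-Za-z0-9+.\-]*):", cleaned)
    return m.group(1).lower() if m else None

class InlineLinkFinder(HTMLParser):
    """Collects URL-bearing attributes whose value is inline content."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in URL_ATTRS and value and url_scheme(value) in INLINE_SCHEMES:
                self.findings.append((tag, name, url_scheme(value), len(value)))

def find_inline_links(html_body):
    """Return (tag, attribute, scheme, url_length) for each suspicious link."""
    finder = InlineLinkFinder()
    finder.feed(html_body)
    finder.close()
    return finder.findings

# Constructed sample message body (not taken from the campaign).
SAMPLE = """
<p>Here is the document again.</p>
<a href="https://mail.example.com/view?id=1"><img src="cid:thumb1"></a>
<a href=" DaTa:text/html,&lt;h1&gt;placeholder&lt;/h1&gt;"><img src="cid:thumb2"></a>
"""

if __name__ == "__main__":
    for tag, attr, scheme, length in find_inline_links(SAMPLE):
        print(f"<{tag} {attr}=...> uses inline scheme {scheme!r} ({length} chars)")
```

A thumbnail that links to inline content rather than to an `https` location is a reasonable signal to quarantine or rewrite the link, since ordinary attachment previews do not need it.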


In order to defeat the fraud, users are encouraged to enable two-factor authentication in Gmail. Unless the attackers have access to that second factor -- say, your phone or a USB cryptographic key -- stealing your password will not allow them to access your account.


Commenting on this, Bert Rankin, Lastline, said “Unfortunately, constantly evolving and improving phishing attacks are now a way of online life for all of us. For those enterprise IT administrators with the mission of protecting the organization, education of the employees is not enough. It takes just one accidental well-meaning click on a malicious email to inflict irrevocable damage to the whole of the organization. In addition to employee education and awareness about how phishing attacks work and how to check a suspicious email, it is an imperative that IT put filtering mechanisms in place that use technology - not people - to sort, test and eliminate such malicious emails before they even have a chance to test the eyes of the employees.”


The Paypers is the leading independent news source for the global e-payment community, covering all significant news in the online and mobile payments industry, as well as closely related topics. The Paypers provides you need-to-know information about the payment industry: real time news, research, analysis, statistics and various articles. More info? Visit: http://www.thepaypers.com or e-mail: info@thepaypers.com