Phishing scams are some of the worst when it comes to things that you need to watch out for on the internet. They’re often cleverly implemented and enticingly clickable. A new scam is currently making the rounds in Gmail inboxes and it is by far one of the cleverest to date.
The new email phishing scam appears to include an attachment like most common scams. But in reality, the “attachment” is an embedded image that opens a new Google login window, reports The Next Web.
This login window will ask for users to enter their password. Of course, the login window is fake. It is actually a data URI that has a prefix of “data:text/html” instead of the usual HTTPS-secured URL that is generally seen on the address bar.
Entering the user password opens up attackers to the misuse of user credentials, such as sending more of the same phishing scam mail to contacts.
It’s already a rule of thumb to be wary of unknown attachments from unknown senders. This time, users need to be even more vigilant of emails coming from people they do know. Alfred Bayle/JB