A new phishing scam that abuses a victim's email contacts has been observed on Google's Gmail service. The scam centers on an email that appears to come from a familiar contact. The catch is that the "familiar" contact's account has already been compromised and is being used to send the phishing email. The email carries what looks like a legitimate PDF attachment. The attacker crafts the message around context the recipient would expect from that contact and uses it to write a subject line that is more likely to earn the recipient's trust. This heightens the probability that the recipient will open the attachment.
The malicious PDF file
The PDF "attachment" is actually an embedded image designed to fool the user into clicking on it. Once the user clicks, a new browser tab opens and redirects them to a fake Gmail login page whose only purpose is to steal credentials. Signing in on a page you have not verified can lead to your own account being compromised, and that account is then used to send the same lure to its contacts, which is how the campaign keeps spreading. If you ever find yourself suddenly redirected to a page you did not expect, look at the address bar. First check that the URL starts with https://; nearly every site that asks you to sign in uses HTTPS as a baseline protection, so its absence is a red flag. Then check the hostname, because an https:// prefix only tells you the connection is encrypted, not who is on the other end: the genuine Gmail sign-in page is served from accounts.google.com, and a sign-in form on any other host, including look-alike domains, should be treated as a phishing page.
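The address-bar check described above, written out as a small function. This is an added example and not code from the original post; it assumes the genuine sign-in host is accounts.google.com and treats that as the only acceptable value, and the sample URLs it runs against are constructed for illustration (the look-alike hosts do not refer to any real site). It goes slightly beyond the text by also rejecting the "real-host@attacker-host" user-info trick and non-web schemes, since both can make an address look right at a glance.

```python
"""Added example: a scheme + hostname check for a sign-in page URL.

Not code from the original post. EXPECTED_LOGIN_HOST and the sample URLs
below are constructed for illustration.
"""
from urllib.parse import urlsplit

# Assumption: the one host a genuine Gmail sign-in page is served from.
EXPECTED_LOGIN_HOST = "accounts.google.com"


def check_login_url(url: str, expected_host: str = EXPECTED_LOGIN_HOST) -> tuple[bool, str]:
    """Return (ok, reason). ok is True only when the URL uses TLS *and* its
    hostname is exactly the expected sign-in host."""
    try:
        parts = urlsplit(url.strip())
    except ValueError as exc:  # e.g. malformed IPv6 bracket syntax
        return False, f"unparseable URL: {exc}"

    # 1. Transport: an https:// prefix is necessary but not sufficient.
    if parts.scheme.lower() != "https":
        return False, f"scheme is {parts.scheme or 'missing'!r}, not https"

    # 2. A user-info section ("accounts.google.com@attacker-host") puts the
    #    real-looking name before the actual host; refuse it outright.
    if parts.username is not None or parts.password is not None:
        return False, "URL carries user-info before the host"

    host = parts.hostname  # lower-cased by urlsplit; port and brackets stripped
    if not host:
        return False, "no hostname"

    # 3. Exact host match. 'accounts.google.com.something.example',
    #    'something.example/accounts.google.com' and homoglyph domains all fail.
    if host != expected_host:
        return False, f"host {host!r} is not {expected_host!r}"

    return True, "https and expected host"


# Constructed sample addresses: one genuine-looking, the rest phishing shapes.
SAMPLE_URLS = [
    "https://accounts.google.com/signin/v2/identifier",
    "https://ACCOUNTS.GOOGLE.COM/",                      # case differs, still fine
    "http://accounts.google.com/",                        # no TLS
    "https://accounts.google.com.login-verify.example/",  # real name as a subdomain
    "https://login-verify.example/accounts.google.com/",  # real name in the path
    "https://accounts.google.com@login-verify.example/",  # user-info trick
    "data:text/html,<html>sign in</html>",                # not a web origin at all
]


def classify_samples() -> dict[str, bool]:
    """Map each constructed sample URL to the verdict of check_login_url."""
    return {u: check_login_url(u)[0] for u in SAMPLE_URLS}


if __name__ == "__main__":
    for u in SAMPLE_URLS:
        ok, why = check_login_url(u)
        print(f"{'OK ' if ok else 'BAD'}  {u}  ({why})")
```

The exact-match rule is deliberately strict: allowing "anything ending in .google.com" would be reasonable for a browser extension, but for a human-readable check the point is that the name you see must be the name you expect, character for character.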
Unfortunately, many people have clicked on this file and found themselves giving away their credentials through the official-looking but malicious Gmail login page. In one of the articles I read, a user stated that he was almost tricked into logging into the fake login page until he realized how badly pixelated the Gmail image was on his screen. Most users would not know to look for such an indicator.
Unfortunately, if the user enters their credentials on this type of page, they have put their personal security at risk. It gets much worse if they reuse the same email address and password on other sites, such as banking and retail sites, because the attacker can simply try the stolen pair everywhere else. You never want to give an attacker the "keys to the kingdom" to your online identity.
Further protection from Phishing sites
Chrome 56 (build 56.0.2924) came with an important change to the address bar: when a page served over plain HTTP (no https://) asks for a password or credit card number, Chrome now labels it "Not secure" next to the URL. This should help reduce the number of credentials handed to phishing pages served over plain HTTP, and over time the label should train users to notice whether a sign-in page is protected by HTTPS at all. Be aware of its limit, though: a phishing page served over HTTPS gets no such label, so the hostname still has to be checked.
Another way a user can protect themselves against phishing is to enable 2FA (two-factor authentication) wherever it is offered. You can learn more about it here. Two-factor authentication is an additional layer of security that keeps an attacker from taking over the account even if the password has been phished, because the password alone is no longer enough to sign in. (A phishing page can also ask for and relay a one-time code, so where available a hardware security key, which only answers for the genuine domain, is the stronger option.) Staying vigilant by carefully reviewing the website address you type or are redirected to, together with enabling two-factor authentication, greatly reduces your chances of account compromise.