The new Gmail Phishing Scam going around is surprising even the savviest of users with its sophisticated techniques. This attack comes as a nightmare trifecta for email filtering services; sent from a familiar contact, using authentic tone and verbiage, and appearing to open to a valid Google URL. I
Protect your company from Data URLs with The Email Laundry’s Email FilteringThe Gmail Data URL Attack
The new Gmail Phishing Scam
going around is surprising even the savviest of users with its sophisticated techniques. This attack comes as a nightmare trifecta for email filtering services; sent from a familiar contact, using authentic tone and verbiage, and appearing to open to a valid Google URL. It is no surprise that users of all technical levels are finding themselves breached by this phishing attack.
Why was this attack so successful?
The use of previous attachments and subject lines in this scam, partnered with the familiarity of the sender, gives the user a false sense of security. This misjudgment of security is heightened by the familiar looking attachment and the accounts.google
URL the user encounters on the phishing page. With their guard down the user enters their credentials and the hackers are in.
In this attack, the phishing landing page is launched from the attachment with the use of a data URL. Data URLs
are “URLs prefixed with the data: scheme, allowing content creators to embed small files inline in documents.”
Through the use of a data scheme, the hackers are able to place the code for the entire phishing site right into the document.
Norwegian researcher, Henning Klevier
, outlines the danger of hackers using data URLs in his 2012 research paper;
“Using this procedure, there is no clear source of the phishing page and its content, which makes it difficult to trace, monitor the movement or establish the origin of the web page. There is no way to shut down or remove a data URL web page, besides removing all instances of its link.”
How to Stop a Data URL Attack
While most phishing emails get stopped by email security filters, this attack is able to get through as it is from a user’s contact list. Once through to the user’s inbox, it is up to the user to identity the fraudulent email and delete the data URL encoded attachment. The success of this Gmail attack and its use of a data URL, is sure to start a new trend among hackers and companies must prepare. With over 100 billion spam emails
sent each year to employee opened business email compromises, a stronger defense is required.
To help protect against these types of attacks, The Email Laundry,
has enhanced its email filtering service to prevent emails containing a data URL. Any email with an attachment containing a data:
scheme will be intercepted and quarantined to ensure complete security. By placing another barrier between the hacker and the user, companies can worry less about email scams and focus on their business.
This premier feature is offered as part of The Email Laundry’s Full Stack Email Security