

Clever Gmail Targeting Phishing Email Discovered

It’s been over a month into 2017, and there is already a sophisticated Gmail phishing email making the rounds. New techniques and tactics have given hackers a way to convincingly impersonate your contacts.

How it Works

[Image: fake Gmail login screen shown by the phishing page]

The attack works by targeting a victim’s contact list and sending out authentic-looking phishing emails. When the forged email is opened and the attachment clicked, a page appearing to be the Google login portal opens.

Once the victim submits their credentials to the site, the hackers start crawling the victim’s inbox. These crawlers look at previous subject lines and attachments for contextually relevant material to copy.

A screenshot is taken of a previous attachment and a new message is composed. This screenshot becomes the entry point into the phishing Gmail login page. The subject line is then pulled from a previous email that is relevant to the attachment.

The new version of the email is sent to all the victim’s contacts, and the attack starts again. The use of previous subject lines and attachments helps make the hacker’s email look very genuine. This technique has tricked many users into opening the infected attachment.

One of these emails is described by a commenter on Hacker News:

“[The hackers] went into one student’s account, pulled an attachment with an athletic team practice schedule, generated the screenshot, and then paired that with a subject line that was tangentially related, and emailed it to the other members of the athletic team.”

The impersonation of the victim and the familiar tone of the subject line help the phishing email to be trusted. The hacker’s concealment of the incorrect URL by using a data URL furthers this trust.

Data URLs

A data URL is a file that, “allows normally separate elements such as images and style sheets to be fetched in a single Hypertext Transfer Protocol (HTTP) request.” This permits the hackers to hide the entire code for the phishing landing page within the image attachment as well as display an authentic-looking URL.

[Image: browser address bar showing the data URL used by the Gmail phishing login page]

While a careful user may look at a website’s URL to ensure its validity, many may not notice that a data URL has brought them to the phishing page instead. This highlights the importance of having a full-stack email security service implemented within an organization.
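The point of the previous paragraphs is that the address bar can begin with text that looks like a Google login address while the scheme is actually `data:`, so the browser is rendering an inline document and there is no host at all. The following check, added here as an example and not code from the original article, classifies an address-bar string by its real scheme and host rather than by what its first characters look like. The sample addresses are constructed for the example; the data URL payload is a harmless placeholder comment, not the phishing page.

```python
"""Classify what an address-bar string really points to.

Added example (not from the original article). It demonstrates that a
"data:" URL whose payload begins with a familiar-looking address is still
an inline document with no host: the text after "data:" is content, not a
destination, so checks must look at the scheme and host, not at the prefix.
"""
from urllib.parse import urlsplit

# Constructed samples for the example. The data URL below carries only a
# placeholder HTML comment as its payload.
GENUINE_LOGIN = "https://accounts.google.com/ServiceLogin?service=mail"
PLAIN_HTTP_LOGIN = "http://accounts.google.com/ServiceLogin?service=mail"
LOOKALIKE_DATA_URL = (
    "data:text/html,https://accounts.google.com/ServiceLogin?service=mail"
    "                                        <!-- constructed placeholder -->"
)
SAMPLES = [GENUINE_LOGIN, PLAIN_HTTP_LOGIN, LOOKALIKE_DATA_URL]


def classify_address(address: str) -> dict:
    """Return the real scheme and host of an address plus a verdict.

    A genuine HTTPS login page has scheme 'https' and a real host. A data
    URL has scheme 'data' and no host, whatever its payload looks like.
    """
    text = address.strip()
    parts = urlsplit(text)
    scheme = parts.scheme.lower()
    host = parts.hostname or ""
    verdict, reason = "ok", ""

    if scheme == "data":
        verdict = "suspicious"
        reason = "inline data URL, no host"
        # Everything after "data:" is payload; the part before the first comma
        # is the media type and the rest is the document itself.
        payload = text[len("data:"):]
        _media_type, _, body = payload.partition(",")
        # Report when the document body is padded to start with something
        # that reads like a web address, which is what a quick glance at the
        # address bar would see.
        if body.lstrip().lower().startswith(("http://", "https://")):
            reason += "; payload is padded to look like a web address"
    elif scheme != "https":
        verdict = "suspicious"
        reason = f"login page not served over HTTPS (scheme: {scheme or 'none'})"

    return {"scheme": scheme, "host": host, "verdict": verdict, "reason": reason}


def scan(addresses):
    """Classify a list of addresses and return one result dict per address."""
    return [classify_address(a) for a in addresses]


if __name__ == "__main__":
    for addr, result in zip(SAMPLES, scan(SAMPLES)):
        shown = addr if len(addr) <= 60 else addr[:57] + "..."
        print(f"{result['verdict']:10} scheme={result['scheme']:5} "
              f"host={result['host'] or '-':22} {shown}")
        if result["reason"]:
            print(f"{'':10} reason: {result['reason']}")
```

The decisive fields are `scheme` and `host`: a real Google login has scheme `https` and host `accounts.google.com`, while the look-alike data URL has scheme `data` and an empty host, which is exactly the condition a browser extension, proxy log review or user-awareness check should key on. The same function generalizes to any page that asks for credentials, not only Gmail.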

[Image: Google 2-Step Verification icons]

How to Protect your Account

The best way to ensure your account is safe from these types of attacks is to have 2-Step Verification turned on. This protects you because the hacker will only have the recorded password (the first form of verification). Without both forms of verification the hacker will be unable to access the account.

Here is a link on how to turn on Google’s 2-Step Verification.

The sophistication of this scam shows just how fast phishing techniques and attacks are advancing. The hackers are learning to be more effective and efficient, and users and services must keep up. To stay protected, users should ensure they are well educated on the newest phishing threats.

The losses from phishing and other business email compromise (BEC) scams have cost companies over $1.2 billion, according to the FBI. Want to make sure your employees can spot a phishing email before it costs you your business? Check out our Phishing Awareness Training page to learn more about our simple and effective phishing user training program!

