There's a new phishing campaign targeting Gmail users. Security researchers say that it's highly effective and that even tech experts have been left confused.
It not yet known whether the scam itself is the product of sophisticated automation technology or a team of individuals, but, according to Forbes, security researchers warn this is a highly sophisticated and effective attack, and users should do everything they can to protect their accounts.
This new technique of attack was initially found by security researchers at WordFence, which is a famous security tools developer, and according to a blog written by CEO of WordFence, Mark Maunder, this is a very effective phishing scam as the hackers log into the user accounts as soon as they enter their details, and then they send actual texts and attachments from that account to the people in the contact list, thereby extending the chain in the scam.
And even worse, if you use the same login details for other websites or accounts, the hackers will be able to gain access to these too.
You need to be very careful before, falling for such scams. A good clue here is the URL on the page. It reads “data.text/html.https…” in fact as the blog pointed out its says data URI and not a URL. A ‘data URI’ used in this scheme includes a complete file in the browser location bar.
If the website address starts with HTTPS:// then you are fine, as the ‘S’ stands for ‘secure’. If you still curious, the blog points out that you can head to haveibeenpwned.com and check with your email on this trustworthy website.