If you have a Gmail account, you need to be aware of a scary scam that continues to trick people into handing over their login credentials.
What makes this scam particularly scary is that the criminals have found a way to send it from someone in the victim’s contact list.
According to tech security site WordFence, the message comes from the email account of someone you know — someone whose account has already been compromised.
The email contains image attachments that appear to be PDF files, and when you click on the attachment, a new tab opens and prompts you to log into your Gmail account again.
The new tab then shows ‘accounts.google.com’ and appears to be a fully functioning and safe Google page — when in fact, it’s a fake scam site set up by hackers.
According to WordFence:
“The attackers log in to your account immediately once they get the credentials, and they use one of your actual attachments, along with one of your actual subject lines, and send it to people in your contact list. For example, they went into one student’s account, pulled an attachment with an athletic team practice schedule, generated the screenshot, and then paired that with a subject line that was tangentially related, and emailed it to the other members of the athletic team.”
Once the hackers have access to your account, they can download your emails and access any other information stored in the account.
According to TechTimes, ‘The trick to identify the bug lies in careful scrutinization of the address bar. The bug hides in plain sight but doesn’t get detected, as most users think that the webpage is Google’s protected login page after seeing ‘accounts.google.com’ in the address bar.’
‘The hackers use a phishing method known as URI or data uniform resource identifier. The URI method is used to attach a data file in the location bar in front of ‘https://accounts.google.com.’ The data file ‘data:text/html’ is attached in front of the host name, which opens up the fake login page.’
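The address-bar check described above can be made mechanical by parsing the string instead of reading it by eye. The following is an added example, not code from this article, WordFence or TechTimes; the names `TRUSTED_LOGIN_HOSTS` and `classifyLoginUrl` and the sample URLs are assumptions made for the illustration.

```javascript
// Added example: decide whether a link target really is a Google sign-in URL,
// or only contains the host name as text. Names below are assumed for this sketch.
const TRUSTED_LOGIN_HOSTS = new Set(["accounts.google.com"]);

function classifyLoginUrl(raw) {
  const text = String(raw).trim();
  let url;
  try {
    url = new URL(text); // WHATWG URL parser, the same rules browsers apply
  } catch {
    return { verdict: "reject", kind: "unparseable", scheme: null, host: null };
  }
  const scheme = url.protocol; // e.g. "https:" or "data:"
  const host = url.hostname;   // empty string for data: URIs, which have no host
  if (scheme !== "https:") {
    // A data: URI carries its page inline. Everything after the comma is
    // content, so a host name appearing there identifies nothing.
    const namesTrustedHost = [...TRUSTED_LOGIN_HOSTS].some((h) =>
      text.toLowerCase().includes(h)
    );
    const spoof = namesTrustedHost && !TRUSTED_LOGIN_HOSTS.has(host);
    const kind = spoof ? "host-name-as-text" : "non-https-scheme";
    return { verdict: "reject", kind, scheme, host };
  }
  if (!TRUSTED_LOGIN_HOSTS.has(host)) {
    return { verdict: "reject", kind: "untrusted-host", scheme, host };
  }
  return { verdict: "allow", kind: "trusted-login", scheme, host };
}

// Constructed sample inputs; the data: payloads are harmless placeholders.
const SAMPLES = [
  "https://accounts.google.com/ServiceLogin?service=mail",
  "data:text/html,https://accounts.google.com/ServiceLogin?service=mail",
  "data:text/html,<p>placeholder</p>",
  "http://accounts.google.com/ServiceLogin",
];

for (const s of SAMPLES) {
  const r = classifyLoginUrl(s);
  console.log(`${r.verdict.padEnd(6)} ${r.kind.padEnd(18)} ${s}`);
}
```

Only the first sample is allowed: the second parses with scheme `data:` and an empty host, which is the case the quoted passage describes.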
Here’s what TechTimes suggests for avoiding this particular scam:
If you think you may have already fallen victim to the scam, change your Gmail password immediately. Then go to your account activity page and end any current sessions that you don’t recognize.
Phishing is a way for criminals to carry out identity theft by using fake websites, emails and robocalls to try and steal your personal information — including passwords, banking info, Social Security number and other sensitive data.
Here are a few ways to avoid these types of scams:
This post was last modified on June 28, 2017 8:41 pm