Gmail Phishing is the fraudulent practice of sending emails that purport to be from reputable companies or people that Gmail users know, in order to induce individuals to reveal personal information, such as passwords and credit card numbers.

How Gmail Phishing Works

An attack starts when a Gmail user receives an email from someone they know, whose account has already been hacked. The email can also include something that resembles an image of an attachment you recognise from the sender.

Once you click on the attachment to preview it, a new tab opens up and you are prompted to sign in to your Gmail account again.

You may glance at the location bar, or at the whole page you landed on, to check whether it's secure, and see the things Gmail users usually see when logging in: “accounts.google.com” in the location bar, and what looks like the regular, fully functional Google login page. Once you sign in, the hackers have access to all your login details and your account.

They then use your account to hack your contacts in the same manner they did to you.

How To Avoid Gmail Phishing

Internet users have always been advised to check the location bar of the browser they are using before signing in, specifically looking for the green padlock and the company name. With this attack, however, users will see the company name and think the URL is secure.

To avoid Gmail Phishing, users have to change what they check for in the location bar. If there are words before https://, and specifically the words ‘data:text/html…’, the URL is not safe: it has opened in a new tab and landed you on a fake Gmail login page.

During this attack, a user sees neither green nor red in the location bar, only ordinary black text. This should be another sign that the URL is insecure, because Google has modified the behaviour of the address bar in the past to show a green protocol color when a page is using HTTPS, to indicate it is secure.

The location bar of an insecure Gmail login will look like the one below:

[Image: Gmail Phishing secure URL]

Vs. the location bar of a secure login when using Chrome:

[Image: Gmail Phishing fake URL]

How Can Users Tell if a Website is Secure?

1.) Look at the web address in your browser. Make sure the web address starts with https:// and that the host name follows immediately after it.

2.) Look for a closed padlock in your web browser. When you click on the padlock, you should see a message that states the name of the company and that “The connection to the server is encrypted”.
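The location bar checks described above (nothing before https://, then the host name) can be written as code. The following is an added example, not part of the original article; the function name, EXPECTED_HOST and the sample addresses are assumptions constructed for illustration, and it goes slightly beyond the text by also rejecting look-alike host names.

```javascript
// Added example: classify the text a user would see in the location bar.
// EXPECTED_HOST and SAMPLES are constructed for illustration.
const EXPECTED_HOST = "accounts.google.com";

function checkLocationBar(address, expectedHost = EXPECTED_HOST) {
  const text = address.trim();
  let url;
  try {
    url = new URL(text); // WHATWG URL parser (browsers and Node.js)
  } catch (err) {
    return { safe: false, reason: "not a parseable URL" };
  }
  // The scheme is whatever comes before the first colon. A data: URI
  // carries the page inside the address itself, so any host name that
  // appears later in the bar is just text, not the site being visited.
  if (url.protocol === "data:") {
    const showsHost = text.toLowerCase().includes(expectedHost);
    return {
      safe: false,
      reason: showsHost
        ? "data: URI that only displays the expected host name as text"
        : "data: URI, page content is embedded in the address",
    };
  }
  if (url.protocol !== "https:") {
    return { safe: false, reason: `scheme is ${url.protocol} not https:` };
  }
  // Compare the parsed host exactly; a substring match would accept
  // look-alikes such as accounts.google.com.example.test.
  if (url.hostname !== expectedHost) {
    return { safe: false, reason: `host is ${url.hostname}, expected ${expectedHost}` };
  }
  return { safe: true, reason: "https scheme and exact host match" };
}

// Constructed sample addresses (no real page content).
const SAMPLES = [
  "https://accounts.google.com/ServiceLogin",
  "data:text/html,https://accounts.google.com/ServiceLogin",
  "http://accounts.google.com/ServiceLogin",
  "https://accounts.google.com.example.test/ServiceLogin",
];
for (const s of SAMPLES) {
  const r = checkLocationBar(s);
  console.log(`${r.safe ? "OK  " : "FAIL"} ${s} -> ${r.reason}`);
}
```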

For more information, contact Mynt Productions.
