Internet fraud, such as phishing, has been on the rise as cybercriminals discover new ways to deceive users. Phishing is an attempt to obtain sensitive information such as passwords, credit card details or usernames for malicious reasons by posing as a trustworthy entity in electronic communication.
Security experts have revealed that Gmail users are the target of a new phishing campaign that can outsmart even experienced tech users. Cybercriminals use specially created URLs to trick people into entering their Gmail credentials on a phishing website. Once a victim submits a password, the attacker logs into the victim’s Gmail account and starts gathering information in preparation for a secondary attack targeted at the victim’s contacts.
Besides gathering the contact email addresses of the victims, the attackers also scan for attachments and appropriate subject lines from previously sent emails. So the phishing email, which contains a message and a thumbnail version of an attachment, appears to be sent from someone the victims actually know.
When this attachment is clicked, a convincing Gmail login box opens, but this is a trap. A full web page worth of code is entered into the browser’s address bar when the attachment is clicked. With the rest of this code carefully hidden by whitespace, all the victim sees is the very beginning, and the “https://accounts.google.com” may cause many to let their guard down.
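The address-bar trick described above can be caught by parsing a link and comparing its real scheme and origin with the text it displays. The JavaScript below is an added example, not code from the article or from Google; it assumes the lure uses a non-https scheme such as `data:` (the article does not name the scheme), and the function names, threshold and sample strings are constructed for illustration.

```javascript
// Added example: judge a link by its parsed scheme and origin, not by the
// text a user sees at the start of the address bar.
const TRUSTED_ORIGIN = "https://accounts.google.com";
const TRUSTED_HOST = "accounts.google.com";
const MAX_WHITESPACE_RUN = 8; // assumed threshold, tune for your own data

// Percent-decode when possible so encoded padding (%20) is also seen.
function safeDecode(s) {
  try { return decodeURIComponent(s); } catch (e) { return s; }
}

function inspectLoginUrl(raw) {
  const findings = [];
  let url;
  try {
    url = new URL(raw.trim());
  } catch (e) {
    return { verdict: "suspicious", findings: ["not a parseable absolute URL"] };
  }
  if (url.protocol !== "https:") {
    findings.push("scheme is " + url.protocol + " instead of https:");
  }
  // Non-web schemes have an opaque origin, serialized as the string "null".
  if (url.origin !== TRUSTED_ORIGIN) {
    findings.push("origin is " + url.origin + ", expected " + TRUSTED_ORIGIN);
    if (safeDecode(raw).includes(TRUSTED_HOST)) {
      findings.push("trusted host name appears only as text inside the URL");
    }
  }
  const padding = new RegExp("\\s{" + MAX_WHITESPACE_RUN + ",}");
  if (padding.test(safeDecode(raw.trim()))) {
    findings.push("long whitespace run, content may be pushed out of view");
  }
  return { verdict: findings.length === 0 ? "ok" : "suspicious", findings };
}

// Constructed samples. The padded one mimics the shape the article describes:
// trusted-looking text first, whitespace, then a placeholder for hidden markup.
const SAMPLE_GENUINE = "https://accounts.google.com/ServiceLogin";
const SAMPLE_PADDED = "data:text/html,https://accounts.google.com/ServiceLogin" +
  " ".repeat(200) + "<!-- placeholder for hidden page markup -->";

console.log(inspectLoginUrl(SAMPLE_GENUINE));
console.log(inspectLoginUrl(SAMPLE_PADDED));
```

The same check can run in a mail gateway or browser extension before a link is opened, since it needs only the URL string.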
Experts are unsure of the exact mechanism of the attack, but it is suspected that these criminals either have an active team ready to act on compromised accounts or they employ some advanced automation feature in their code.
How to protect yourself from these attacks
These carefully planned attacks can be easily overcome if you enable two-factor authentication in Gmail. Attackers cannot gain access to your account without access to this second factor, which may be your phone or a USB cryptographic key.
If you fear that you may already be a victim of the scam, you should first change the password of your Gmail account, then end any current sessions on your Gmail account activity page that you consider suspicious.