Your Gmail account may be in danger; take steps to secure your account

January 17, 2017

Internet fraud, such as phishing, has been on the rise as cybercriminals discover new ways to deceive users. Phishing is an attempt to obtain sensitive information such as passwords, credit card details or usernames for malicious purposes by posing as a trustworthy entity in electronic communication.

Security experts have revealed that Gmail users are the target of a new phishing campaign that can outsmart even experienced tech users. Cybercriminals use specially created URLs to trick people into entering their Gmail credentials on a phishing website. Once a victim submits a password, the attacker logs into the victim's Gmail account and starts gathering information in preparation for a secondary attack targeted at the victim's contacts.

Besides gathering the contact email addresses of the victims, the attackers also scan for attachments and appropriate subject lines from previously sent emails. So the phishing email, which contains a message and a thumbnail version of an attachment, appears to be sent from someone the victims actually know.

When the attachment is clicked, a convincing Gmail login box opens, but it is a trap. Clicking the attachment places a full web page's worth of code in the browser's address bar. With the rest of this code carefully hidden by whitespace, all the victim sees is the very beginning, and the "https://accounts.google.com" there may cause many to let their guard down.

[Image: the phishing URL as it appears in the address bar]
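A mail gateway or link scanner can test for the two traits described above: a link that displays a trusted login address it does not actually load from, and a long run of whitespace hiding the rest. The following is an added example, not code from the article or from Google; the `TRUSTED_ORIGINS` list, the 20-character padding threshold and the `data:` scheme of the constructed sample are assumptions, since the article does not name the scheme.

```python
import re
from urllib.parse import unquote, urlsplit

# Assumption: login origins this scanner treats as worth impersonating.
TRUSTED_ORIGINS = ("https://accounts.google.com",)
# Assumption: 20+ consecutive whitespace characters counts as padding.
PADDING = re.compile(r"\s{20,}")


def inspect_link(url: str) -> list[str]:
    """Return the reasons a link resembles the address-bar lure described above."""
    url = url.strip()
    decoded = unquote(url)              # %20 padding is whitespace too
    parts = urlsplit(url)
    # Where the browser would really load the content from.
    if parts.hostname:
        real_origin = f"{parts.scheme}://{parts.hostname}"
    else:
        real_origin = f"{parts.scheme}:"  # no host at all: content is in the link itself

    reasons = []
    for origin in TRUSTED_ORIGINS:
        # The trusted address is visible in the text, but it is not the real origin.
        if origin in decoded and real_origin != origin:
            reasons.append(f"shows {origin} but actually loads from {real_origin}")
    if PADDING.search(decoded):
        reasons.append("long whitespace run hides the rest of the link")
    return reasons


# Constructed samples (not captured from the campaign); the payload is a placeholder.
SAMPLES = {
    "lure": "data:text/html,https://accounts.google.com/ServiceLogin"
            + " " * 200 + "PAGE-CONTENT-PLACEHOLDER",
    "genuine": "https://accounts.google.com/ServiceLogin",
}

if __name__ == "__main__":
    for name, link in SAMPLES.items():
        print(name, "->", inspect_link(link) or "no findings")
```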

Experts are unsure of the exact mechanism of the attack, but it is suspected that these criminals either have an active team ready to act on compromised accounts or they employ some advanced automation feature in their code.

How to protect yourself from these attacks

These carefully planned attacks can be easily overcome if you enable two-factor authentication in Gmail. Attackers cannot gain access to your account without access to this second factor, which may be your phone or a USB cryptographic key.

If you fear that you may already be a victim of the scam, you should first change the password of your Gmail account, then get rid of any current sessions on your Gmail account activity page that you consider suspicious.

Writer. Interested in EdTech and tech careers
 Techpremier Media Limited. All rights reserved