Watch out for this sneaky Gmail attack

Wordfence have highlighted a particularly sneaky Gmail phishing attack. Here’s what to look out for …

You receive an email – possibly from a friend or a legitimate contact – with an attachment, like this:

Although it looks genuine, it’s NOT a real attachment. It’s actually an embedded image crafted to look like a PDF, and when you click it, the embedded link in the image takes you to a fake Google login page …

… that also looks like the real thing. The only clue is in the browser’s address bar:

But that looks genuine too, doesn’t it? It says https://accounts.google.com, etc. The only oddity is that data:text/html preface. And that’s the gotcha. It’s actually what’s known as a ‘data URI’, and what it’s telling the browser is that what follows isn’t a web address to fetch but the content itself, in this case a particularly long string of text. After a lot of whitespace to push what follows off the screen, you’ll find this …

… the start of a script that opens in a new tab and builds a functional but fake Gmail login page, one that sends your username and password to the attacker.
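The address-bar check described above, written out as an added example (not from Wordfence or the original post): it splits a data: URI into its media type and decoded body, then reports the tell-tale signs the article lists, a decoy Google URL at the front, a long run of whitespace, and a script hidden after it. The lookalike host list, the padding threshold and the sample address are assumptions constructed for the example; the sample’s script is a placeholder, not the real payload.

```python
import base64
import re
from urllib.parse import unquote

# Assumptions (not from the article): hosts the decoy mimics, and how much leading whitespace counts as padding.
LOOKALIKE_HOSTS = {"accounts.google.com", "mail.google.com"}
PADDING_THRESHOLD = 50

def parse_data_uri(uri):
    """Return (media_type, decoded_body) for a data: URI, or None for anything else."""
    if not uri.lower().startswith("data:"):
        return None
    header, sep, payload = uri[5:].partition(",")
    if not sep:
        return None
    params = header.split(";")
    media_type = params[0] or "text/plain"
    if "base64" in (p.lower() for p in params[1:]):
        try:
            body = base64.b64decode(payload).decode("utf-8", "replace")
        except ValueError:
            body = ""
    else:
        body = unquote(payload)          # percent-decode the literal text form
    return media_type, body

def assess_address(address):
    """List the reasons an address-bar value looks like the data: URI trick."""
    findings = []
    parsed = parse_data_uri(address.strip())
    if parsed is None:
        return findings                  # ordinary URL: nothing to report here
    media_type, body = parsed
    findings.append("data: URI in address bar, so no web server was contacted")
    if media_type.lower() == "text/html":
        findings.append("payload is inline HTML that the browser renders")
    m = re.match(r"\s*https?://([\w.-]+)[^\s<]*", body)   # decoy URL at the front
    if m and m.group(1).lower() in LOOKALIKE_HOSTS:
        findings.append(f"payload starts with decoy URL for {m.group(1)}")
    rest = body[m.end():] if m else body
    pad = len(rest) - len(rest.lstrip())
    if pad >= PADDING_THRESHOLD:
        findings.append(f"{pad} whitespace characters push the rest off screen")
    if re.search(r"<\s*script\b", rest, re.I):
        findings.append("script element hidden after the padding")
    return findings

# Constructed sample modelled on the article's description; the script is a placeholder.
CONSTRUCTED_SAMPLE = ("data:text/html,https://accounts.google.com/ServiceLogin?service=mail"
                      + " " * 400 + "<script>/* placeholder */</script>")
```

Running `assess_address(CONSTRUCTED_SAMPLE)` returns all five findings, while a genuine https://accounts.google.com address returns an empty list.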

According to a comment on Hacker News,

“The attackers log in to your account immediately once they get the credentials, and they use one of your actual attachments, along with one of your actual subject lines, and send it to people in your contact list.”

One thought on “Watch out for this sneaky Gmail attack”

  1. There are many ways of attacking Gmail; one of the best techniques is the phishing attack, so please beware of these attacks and, to be safe, use the above, because these techniques are good. If you have been attacked, then contact CCleaner Customer Support to get rid of it.
