recommended reading

Threatwatch

Gmail Scam Tricks Users With Convincing Login Page

Spear-phishing; Stolen credentials; User accounts compromised

A hard-to-spot phishing attack is targeting Gmail users, according to a security firm.

A potential victim receives an email from a known contact with what looks like an attachment—but that opens a tab with a fake Gmail login page that captures username and password, according to a blog post by Wordfence CEO Mark Maunder.

Not only is the login page convincing; the address in the URL contains “accounts.google.com” like the legit Gmail login page does. Once a victim “logs in,” the attack uses the compromised account to send more emails to the account’s address book. Whoever is behind the attack can also access the account’s emails and other connected services.

Maunder suggests changing passwords, checking Gmail’s activity logs for unauthorized use and enabling two-factor authentication.  

A Google statement to the blog confirmed the company is aware of the issue.

sector

Web Services

reported

January 17, 2017

reported by

Dark Reading

number affected

Unknown

location of breach

Unknown

perpetrators

Unknown

location of perpetrators

Unknown

date breach occurred

Unknown

date breach detected

2017/01/12