Last night's news featured a pieces on a new internet phishing scam that is very dangerous, even to tech-savvy users.
As WGN News reports, hackers will send you a email, possibly making it look like it's from a contact you regularly communicate with, which will contain an attachment. When clicked on, the page will direct you to what looks like a Gmail login page; it even has a similar URL to the authentic login page. The authentic Gmail login page is "https://accounts.google.com/ServiceLogin?". The fake page begins with "data:text/html,"
As WordFence reports, the technique that is used in this scam is called a "data URI" which means that the page you're viewing is actually a file that opens in a new tab and creates a functional, fake Gmail login page.
If you attempt to login using this fake Gmail page, you are giving your email address and associate password to the hackers, who will then have complete access to your emails and associated contacts and documents.
If you email is hacked, the hackers will use your email to send more phishing emails from your account in order to obtain more login credentials.
WGN News suggests that Gmail users enable the two-factor authentication (adding more layers of security) or look for the "lock" icon in the address bar at the top of the browser.
If you think you have already fallen for the scam and your email may have been compromised, change your Google password immediately. And as WordFence suggests, you can also check your login activity to see if someone else might have had access to your account.
Google is aware of the issue and has issued a statement.
Make sure your website security is up-to-date with our FREE WordPress Security Guide. Click the button below to download now.