Gimasys - đối tác cấp cao tại Việt Nam được Google lựa chọn để phối…
Security experts have recently discovered a scheme that includes many moves to hack Gmail accounts' information that has great influence and negative impact because even people with technology knowledge can completely in the category of being easily deceived, "giving up" personal data to the bad guys behind.
The hackers will first look for attachments that the user has sent before for the contact list of or and topics related to the outgoing emails. These attackers will then start collecting contact email addresses, and these email addresses will become the next target of the attackers. After finding a piece of information, the hacker creates an image of the attachment (screenshot) and that image is attached in the sender's email with the email or similar subject, increased awareness and automatic trust.
What makes this attack so effective is that the phishing emails are sent from someone the email recipient (the victim) knows.
This new Gmail attack scam uses an attached image that masquerades as a PDF file with a scaled-down version of the attachment buffer. Once clicked, the victim will be redirected to the phishing page, which is disguised as the Google login page. But it is a FIRE.
The URL spoofs the Gmail login page as the accounts.google.com subdomain. So with just the link is enough to fool the majority of users into believing that they are on a legitimate Google page.
In addition, since the browser does not display the red warning icon commonly used by Google to indicate unsafe pages, users are subject to Gmail hacking programs.
Here's what WordFence CEO Mark Maunder reported on the attacks that were posted in a blog:
. “This phishing technique uses something called 'data URI' to include a file entirely in the browser address bar When you look up the browser address bar and see 'data:text/html' … .. 'which is actually a very long text string. "
“People are scammed because of a clever trick used by these attacks, and they send their credentials, which is passed directly to the attackers. And as soon as the attackers get the authorization, they will log into the victim's Gmail account."
To protect and avoid these phishing email attacks is very simple. Gmail users need to enable two-step authentication, and of course always be careful when opening any files in your email.
So even if attackers can access your certificate, they won't be able to proceed further without your phone number or USB device encryption to gain access to your account.