Beware of the new and twisted Gmail phishing campaign

Spam emails[1] have long become an ordinary aspect of our daily email usage experience. Those of us who have been online for quite some time have no problem spotting useless or potentially dangerous inbox items and sending them straight to the trash[2]. Besides, email providers such as Gmail always keep on top of the service security as well, regularly introducing new features catered to ensure an all-round protection for the users. In fact, just in the beginning of 2017, Gmail developers have eliminated the transfer of JavaScript and a bunch of other types of files which are typically used for the distribution of the file-encrypting ransomware viruses[3]. Unfortunately, the battle against malware developers is endless: as soon as you patch up one security gap, the extortionists will sure find another. This tendency has yet again been proven by the security experts who have just disclosed a new and highly sophisticated Gmail phishing[4] campaign that has nearly outwitted even the most experienced computer techies.

Image of Gmail phishing campaign

The new scam campaign is a much more complex approach to phishing that has ever been attempted by the criminals before. Nevertheless, like most scams, it all starts with an email. The potential victim receives a message from a person on his/her contact list. The legitimacy of such email is almost unquestionable: it is sent from a trusted source, features personal details and refers to some topical subject. In an informative letter, the sender asks the receiver to download a PDF file which supposedly contains some relevant information. In reality, the link to this file is fake and hides a redirect to a fake Gmail login page which asks the user to re-enter his/he login credentials.

The bogus domain looks identical to the original one and it is virtually impossible to tell the difference between the two. All the information that the victim discloses on this page is sent straight to the hackers who can then use it to break into their accounts. In the worst case scenario, the compromised accounts may reveal sensitive information, online banking logins, credit card details, social security number and the victim’s home address. Even if you do not keep such information in your inbox or cloud storage, the access to your account will not go to waste and will be utilized for spreading phishing emails to the people from your contacts list. The criminals will use the information they manage to gather from your previous interactions to make the phishing emails more convincing. Eventually, this may end up with you unknowingly sending some malicious virus such as Cerber ransomware to your co-worker, relative or a friend.

How do you protect yourself from such scams? Do not rush clicking on any links, for starters. Closely analyze received emails and do not hesitate to inquire the sender about the attachments in person or via other channels. But let’s be honest here: it may be very time consuming to check back with everyone who wishes to contact you or send you some documents. Thus, a thing you can do is to look at the URL tab when on Gmail login page. The corrupt domain will feature data:text/htyml instead of the usual https://[5]. Do not submit any information Gmail login page that features an URL other than! You should also consider enabling two-step login verification for that extra layer of security.

About the author
Jake Doevan
Jake Doevan - Computer technology expert

Jake Doevan is one of News Editors for He graduated from the Washington and Jefferson College , Communication and Journalism studies.

Contact Jake Doevan
About the company Esolutions

Read in other languages