The new scam campaign is a much more complex approach to phishing than has ever been attempted by criminals before. Nevertheless, like most scams, it all starts with an email. The potential victim receives a message from a person on his/her contact list. The legitimacy of such an email is almost unquestionable: it is sent from a trusted source, features personal details and refers to some topical subject. In an informative letter, the sender asks the receiver to download a PDF file which supposedly contains some relevant information. In reality, the link to this file is fake and hides a redirect to a fake Gmail login page which asks the user to re-enter his/her login credentials.
The bogus domain looks identical to the original one and it is virtually impossible to tell the difference between the two. All the information that the victim discloses on this page is sent straight to the hackers, who can then use it to break into the victim's accounts. In the worst-case scenario, the compromised accounts may reveal sensitive information, online banking logins, credit card details, social security number and the victim's home address. Even if you do not keep such information in your inbox or cloud storage, access to your account will not go to waste: it will be used to spread phishing emails to the people on your contact list. The criminals will use the information they manage to gather from your previous interactions to make the phishing emails more convincing. Eventually, this may end with you unknowingly sending malware such as Cerber ransomware to a co-worker, relative or friend.
How do you protect yourself from such scams? Do not rush to click on any links, for starters. Closely analyze received emails and do not hesitate to ask the sender about the attachments in person or via other channels. But let's be honest here: it may be very time consuming to check back with everyone who wishes to contact you or send you some documents. Thus, one thing you can do is look at the address bar when you are on a Gmail login page. The corrupt address will start with data:text/html instead of the usual https://. Do not submit any information on a Gmail login page that features a URL other than https://accounts.google.com! You should also consider enabling two-step login verification for that extra layer of security.
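
The address-bar check described above can also be automated, for example in a mail filter or browser extension. The following JavaScript is an added example, not code from the original article; the function name `classifyLoginUrl` and the sample URLs are constructed for illustration. It parses the address instead of searching it for "accounts.google.com", because a look-alike address can contain that text without actually pointing there.

```javascript
// Added example: the only origin the article says to trust for Gmail sign-in.
const TRUSTED_ORIGIN = 'https://accounts.google.com';

// Classify an address as 'trusted', 'data-uri', 'not-https',
// 'wrong-host' or 'invalid'. Uses the standard WHATWG URL parser.
function classifyLoginUrl(raw) {
  let url;
  try {
    url = new URL(String(raw).trim());
  } catch {
    return 'invalid'; // not an absolute URL at all
  }
  // The scheme is lower-cased by the parser, so "DATA:" is caught too.
  if (url.protocol === 'data:') return 'data-uri';
  if (url.protocol !== 'https:') return 'not-https';
  // origin = scheme + host + port; user-info tricks and extra labels
  // appended to the host name do not survive this comparison.
  return url.origin === TRUSTED_ORIGIN ? 'trusted' : 'wrong-host';
}

// Constructed sample addresses (not taken from the campaign itself).
const samples = [
  'https://accounts.google.com/ServiceLogin',
  'data:text/html,https://accounts.google.com/ServiceLogin',
  '  DATA:text/html,<form>',
  'http://accounts.google.com/',
  'https://accounts.google.com.login.example/',
  'https://accounts.google.com@login.example/',
  'accounts.google.com',
];

// Return only the addresses where credentials must not be entered.
function flagUntrusted(urls) {
  return urls
    .map((u) => ({ url: u, verdict: classifyLoginUrl(u) }))
    .filter((r) => r.verdict !== 'trusted');
}

for (const r of flagUntrusted(samples)) {
  console.log(`${r.verdict.padEnd(10)} ${r.url}`);
}
```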