ST. GEORGE — An intricate phishing attack is targeting Gmail users and appears so authentic that even the most tech-savvy users are being deceived; once an account is hacked all contacts in that account become targets as well.

Reports from experienced technical users concerning the scam have been received over the past few weeks by security expert Mark Maunder, CEO and founder of Wordfence, a blog resource of security firm Feedjit Inc. More than 1 million active WordPress websites use a Wordfence security plugin, its site states.

The impact of the current scam is “hitting hard because even the most advanced computer users are being duped,” Maunder wrote in an analysis of the attacks published last week.

Phishing scams, generally, aim to steal personal information such as credit card numbers, Social Security numbers, user IDs and passwords. The phishing scam of immediate concern was initially identified about a year ago but has returned with enhanced features that prevent detection.

The hacker’s emails are convincing and succeed in many cases in obtaining Gmail login credentials, Maunder states in his analysis. In fact, he wrote, the emails are so convincing that even the most security-minded individuals have fallen victim to the scam.

Consumer Affairs reporter Mark Huffman took notice of Maunder’s analysis and released an article Jan. 19 warning consumers of the “dangerous familiarity” found in this particular phishing scam. Everything about the scam looks genuine, Huffman said, but in reality it is anything but that.

“For starters,” he wrote, “the objective is to learn the user’s log-in credentials, so the Gmail account can be used to perpetuate the scam and eventually assemble an army of compromised accounts that can be used to distribute spam.”

How the scam works

The hacker first sends an email that includes an attachment, and when the user clicks on the attachment it doesn’t open and instead directs them to what appears to be a Gmail login page. At that point, the account holder is asked to enter their credentials to log into their account.

Once that information is typed in, the hackers can immediately seize the account information, log in and begin sending the phishing email to everyone in that person’s contacts, Maunders’ report states.

Everything appears to be authentic, Huffman said, down to the fake sign-in page with the Google logo and slogan. The only way a user can determine that the site is fraudulent is by the address bar in the user’s browser.

The only thing that should be listed before “accounts.google.com” is the “https//” and a green lock symbol that appears on the far left of the browser.

The fake login page has “data:text/” inserted in front of the “https:” – an embedded file that opens instead of directing the user to the legitimate site.

Maunders also said that once the hackers take control of an email address they have access to all sent and received mail, which can compromise “a wide variety of services that you use by using the password reset mechanism including other email accounts, any SaaS services you use and much more.”

SaaS, or Software as a Service, refers to any service hosted in the cloud where customers can access software applications over the internet. Facebook, Twitter and Google are examples of this type of service.

Tips to avoid this phishing attack

One way to avoid becoming a victim of this phishing scam is to enable Google’s “2-Step Verification” which provides an extra layer of security, Aaron Stein with Google Communications wrote in a statement published by Wordfence last week. In part, he said:

We’re aware of this issue and continue to strengthen our defenses against it. We help protect users from phishing attacks in a variety of ways, including: machine learning based detection of phishing messages, Safe Browsing warnings that notify users of dangerous links in emails and browsers, preventing suspicious account sign-ins, and more. Users can also activate two-step verification for additional account protection.

Once the enhanced verification is enabled, scammers will no longer be able to access a Gmail account unless they also have access to the account holder’s phone or security key. Instructions for “2-Step Verification” can be found here.

Security experts at Gmail recommend changing the password immediately if an account has been compromised. Login activity can also be viewed showing anyone that has logged into the account; to do so, click here and then click “Details” at the bottom of the inbox.

Performing a complete Gmail Security Checkup is also recommended. The checkup includes choosing stronger passwords, checking account permissions and updating browsers. To perform a checkup, click here.

Consumers are also cautioned to always look for the “lock” icon next to the address bar in the browser which identifies the website as secure, and while it’s not foolproof, it is still an extra level of security.

Email: [email protected]

Twitter: @STGnews

Copyright St. George News, SaintGeorgeUtah.com LLC, 2017, all rights reserved.