Phishing Attacks are getting even more sophisticated

Discussion of other internet issues.

Moderator: EasyList authors

Post Reply
gotitbro
Postaholic
Postaholic
Posts: 708
Joined: Sat Jul 09, 2016 8:33 pm
Reputation: 4

Phishing Attacks are getting even more sophisticated

Post by gotitbro » Thu Mar 30, 2017 8:13 pm

I read about a new phishing attack http://bgr.com/2017/03/15/gmail-phishing-scam-2017-how-to-avoid/ that is spreading on Gmail.

It embeds a image that looks like an email attachment on Gmail. When clicked upon it takes the user to a new sign in page beginning with "data:text/html" and contains the normal Google URL after that and looks exactly like the Google sign-in page too, so it isn't exactly clear that the page is different from the actual one, this page is actually an iframe of the phishing page.

Since the image is embedded in the email it doesn't matter if you have external images turned off the fake attachment image will still load. The latest Google Chrome version now contains a "Not secure" warning in the address bar on non "https://" pages with login functionality so it might help some users (https://www.wordfence.com/blog/2017/01/gmail-phishing-data-uri/). But a lot of users use other browsers as well such as Firefox.

A lot of users are falling for this even the more "technical" ones: https://twitter.com/tomscott/status/812265182646927361, http://blog.greggman.com/blog/getting-phished/

It is quite interesting how the perpetrators of these phishing attacks are trying even more sophisticated methods of exploitation to extort data from users.

User avatar
Lanik
Site Owner
Site Owner
Posts: 1338
Joined: Thu Feb 15, 2007 7:44 am
Reputation: 21
Location: /dev/null

Post by Lanik » Fri Mar 31, 2017 3:11 am

Thanks for passing that along I would have almost fallen for it if not for the bcc. That would have raised an eyebrow for me.

One of the best things I did for myself is change the email for this site to go to dead email box. I used to get 100 of spam emails for every 1 legitimate email.
"If it ain't broke don't fix it."

User avatar
smed79
Liste AR Author
Liste AR Author
Posts: 11482
Joined: Sun Jan 17, 2010 4:00 am
Reputation: 87
Location: EasyList Forum

Post by smed79 » Fri Mar 31, 2017 3:23 am

Since 5 yers (or more) to report spam a use https://www.spamcop.net/ it's effective.
•► Before posting, to find your answer fast, read Forum « RULES » and use « Search »
••► Don't post clickable links » use inline text bbcode notation « [ C ] » or « [ code ] »

gotitbro
Postaholic
Postaholic
Posts: 708
Joined: Sat Jul 09, 2016 8:33 pm
Reputation: 4

Post by gotitbro » Fri Mar 31, 2017 4:10 am

smed79 wrote:
Fri Mar 31, 2017 3:23 am
Since 5 yers (or more) to report spam a use https://www.spamcop.net/ it's effective.
Lanik wrote:
Fri Mar 31, 2017 3:11 am
Thanks for passing that along I would have almost fallen for it if not for the bcc. That would have raised an eyebrow for me.
The emails were sent from from accounts of people they knew which were probably hacked after a successful phishing attack. This one can also be done without sending a bcc.

I definitely would've fallen for it, just look at its ingenious technique:
It came from someone I know that amounts to me instantly opening it. Oh an attachment probably an image let me open it. Then the new tab opens with the title "You've been signed out" (This is brilliant as Google often does ask for repeat sign-ins randomly). I sign-in and I am done for.

What would probably have saved me is dealing with the data:text ads (thanks EasyList forums).

Another interesting read about this attack https://news.ycombinator.com/item?id=13373327.

Post Reply