Phishing Attacks are getting even more sophisticated

Discussion of other internet issues.
Locked
gotitbro
Postaholic
Postaholic
Posts: 866
Joined: Sat Jul 09, 2016 8:33 pm

Phishing Attacks are getting even more sophisticated

Post by gotitbro »

I read about a new phishing attack http://bgr.com/2017/03/15/gmail-phishing-scam-2017-how-to-avoid/ that is spreading on Gmail.

It embeds a image that looks like an email attachment on Gmail. When clicked upon it takes the user to a new sign in page beginning with "data:text/html" and contains the normal Google URL after that and looks exactly like the Google sign-in page too, so it isn't exactly clear that the page is different from the actual one, this page is actually an iframe of the phishing page.

Since the image is embedded in the email it doesn't matter if you have external images turned off the fake attachment image will still load. The latest Google Chrome version now contains a "Not secure" warning in the address bar on non "https://" pages with login functionality so it might help some users (https://www.wordfence.com/blog/2017/01/gmail-phishing-data-uri/). But a lot of users use other browsers as well such as Firefox.

A lot of users are falling for this even the more "technical" ones: https://twitter.com/tomscott/status/812265182646927361, http://blog.greggman.com/blog/getting-phished/

It is quite interesting how the perpetrators of these phishing attacks are trying even more sophisticated methods of exploitation to extort data from users.
User avatar
LanikSJ
Site Owner
Site Owner
Posts: 1806
Joined: Thu Feb 15, 2007 7:44 am
Location: /dev/null

Post by LanikSJ »

Thanks for passing that along I would have almost fallen for it if not for the bcc. That would have raised an eyebrow for me.

One of the best things I did for myself is change the email for this site to go to dead email box. I used to get 100 of spam emails for every 1 legitimate email.
"If it ain't broke don't fix it."
User avatar
smed79
Liste AR/FR Author
Liste AR/FR Author
Posts: 15839
Joined: Sun Jan 17, 2010 4:00 am
Location: EasyList Forum

Post by smed79 »

Since 5 yers (or more) to report spam a use https://www.spamcop.net/ it's effective.
•► Read RULES / Use forum Search
••► Don't post clickable links
•••►Upload screenshots at imgbb.com
gotitbro
Postaholic
Postaholic
Posts: 866
Joined: Sat Jul 09, 2016 8:33 pm

Post by gotitbro »

smed79 wrote: Fri Mar 31, 2017 3:23 am Since 5 yers (or more) to report spam a use https://www.spamcop.net/ it's effective.
Lanik wrote: Fri Mar 31, 2017 3:11 am Thanks for passing that along I would have almost fallen for it if not for the bcc. That would have raised an eyebrow for me.
The emails were sent from from accounts of people they knew which were probably hacked after a successful phishing attack. This one can also be done without sending a bcc.

I definitely would've fallen for it, just look at its ingenious technique:
It came from someone I know that amounts to me instantly opening it. Oh an attachment probably an image let me open it. Then the new tab opens with the title "You've been signed out" (This is brilliant as Google often does ask for repeat sign-ins randomly). I sign-in and I am done for.

What would probably have saved me is dealing with the data:text ads (thanks EasyList forums).

Another interesting read about this attack https://news.ycombinator.com/item?id=13373327.
lisamona
New Member
New Member
Posts: 1
Joined: Thu Apr 26, 2018 12:43 pm

Post by lisamona »

this is extremely interesting, but at the same time it sounds very unbelievable, I have to delve into reading
Locked