There’s a new phishing scheme being used to steal Google account credentials — and even experienced users are falling for it.
We caution clients all the time not to click on a link or unknown attachment. When in doubt, mouse over the link in your email and make sure that it actually goes to Paypal, Gmail, etc., and not some Russian hacker looking to elect our next president.
Turns out that bit of advice is so 2016! Hackers have figured out out how to embed a script that steals your login information using actual web URLs. So just because you see https://accounts.google.com in the URL doesn’t mean the link is safe.
The new technique uses a data URI feature that is supported by Chrome and all of the major browsers. The string in your browser will start out with data:text/html,https://accounts.google.com and then continue on with a bunch of white space that hides a script in your address bar that creates a fully functional phishing page that sends your username and password to the hacker.
It’s been particularly effective because it looks and acts like the real thing. Typically, you’ll receive a link or an image in an email you are supposed to click on to view more. The same can also be done from a web page. It works because people think the images have been shared with them on Google Drive … thus the need to login.
Right now, the hack is especially popular with Google, but it would work with Dropbox, Paypal or just about any site that users frequently access to view more info.
You can read more about it here but you’ve at least been warned. Some of the old advice holds true: When in doubt, don’t click! You can always open a web browser and log in directly to Google or any other account.