A new phishing campaign has been discovered this week that targets even the most tech-savvy Gmail users. By posing as someone you may know, cybercriminals are gathering personally identifiable information that could be leveraged against the individual or against your company. Learn how the newest phishing campaign works and how you can keep yourself and your company safe from becoming the next victim.
What is Phishing?
Phishing is nothing new to the cybersecurity world, but it is often confused with the generic spam email through which many ransomware families are distributed. Take Spora, a recent ransomware family, as an example. Spora is distributed through spam emails disguised as invoices for charges the victim never made, and those emails come from an individual or organization the potential victim has never heard of.
What distinguishes the phishing described here is that the email appears to come from someone you know: either a known contact whose account has actually been compromised, or a sender whose address differs from a real contact's by a letter or two. For example, compare JohnSmith@gmail.com with JohnSmith@gmails.com. The only difference is the 's' at the end of 'gmail' in the second address.
Phishing campaigns can certainly be used to distribute ransomware, but because each message is tailored to the recipient, they cost the attacker far more time per message than a spam blast. When phishing is used to deliver ransomware, the targets tend to be high-profile victims from whom a large ransom can be demanded.
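As an added illustration (this is not code from the original article), here is a sender check that flags near-miss domains such as the JohnSmith@gmails.com example above. The known-domain list and the address-book entries are constructed for the example. Note what such a check cannot catch: mail sent from a genuinely compromised contact's account passes every sender check, which is exactly why the Gmail campaign works.

```javascript
// Added example: flag sender addresses whose domain is a near-miss of a
// domain the reader actually corresponds with. All lists below are
// constructed sample data, not from the original article.

// Levenshtein edit distance (insertions, deletions, substitutions),
// computed with a single rolling row.
function editDistance(a, b) {
  const prev = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    let diag = prev[0]; // dp[i-1][j-1] for the current j
    prev[0] = i;
    for (let j = 1; j <= b.length; j++) {
      const tmp = prev[j]; // dp[i-1][j], needed as next diag
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      prev[j] = Math.min(prev[j] + 1, prev[j - 1] + 1, diag + cost);
      diag = tmp;
    }
  }
  return prev[b.length];
}

// Domains the reader legitimately receives mail from (constructed sample).
const KNOWN_DOMAINS = ["gmail.com", "example-corp.com"];

// Address-book entries, lower-cased (constructed sample).
const KNOWN_CONTACTS = new Set(["johnsmith@gmail.com", "jane.doe@example-corp.com"]);

// Maximum edit distance at which a domain is treated as a look-alike
// (an assumption for this example; tune to your own domain list).
const LOOKALIKE_THRESHOLD = 2;

function checkSender(address) {
  const normalized = address.trim().toLowerCase();
  const at = normalized.lastIndexOf("@");
  if (at < 1 || at === normalized.length - 1) {
    return { verdict: "malformed", domain: null };
  }
  const domain = normalized.slice(at + 1);
  if (KNOWN_CONTACTS.has(normalized)) {
    // A real contact; the account itself may still be compromised.
    return { verdict: "known-contact", domain };
  }
  if (KNOWN_DOMAINS.includes(domain)) {
    return { verdict: "known-domain", domain };
  }
  for (const known of KNOWN_DOMAINS) {
    const d = editDistance(domain, known);
    if (d > 0 && d <= LOOKALIKE_THRESHOLD) {
      return { verdict: "lookalike", domain, resembles: known, distance: d };
    }
  }
  return { verdict: "unknown", domain };
}

// Constructed sample senders.
for (const sender of ["JohnSmith@gmail.com", "JohnSmith@gmails.com", "someone@totally-different.org"]) {
  console.log(sender, checkSender(sender));
}
```

The look-alike verdict is only a prompt for the reader to check the address by eye; it is not proof of fraud, and a distance threshold that is too generous will flag unrelated domains.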
Most phishing emails contain an attachment or link set up to trick the user into divulging personally identifiable information such as financial information, login credentials, or credit card details.
Gmail Phishing Campaign
As mentioned before, the new Gmail phishing attack can trick even the most tech-savvy users. The attack works like this:
- Hackers breach someone’s Gmail account and look through emails for correspondence containing attachments.
- They then send emails from the compromised account, each one modelled on prior correspondence so that the new message seems legitimate and familiar. The attackers will even reuse subject lines from earlier threads.
- Here is the trick. The email embeds an image that looks like the thumbnail of an attachment the two parties have exchanged before. Clicking that "attachment" does not open a file; it opens a phishing page that imitates the Google sign-in form. Because the victim believes they are simply opening a Gmail attachment, being asked to sign in to Google again raises no alarm.
- Once the new victim enters their credentials into the phony Google login page, the attackers have that account too, and can repeat the process against the new victim's own contacts.
The campaign is believed to have been running for about a year with increasing intensity. How do the attackers use a stolen mailbox? Think about everything your email account is tied to. The first thing that comes to mind is banking. We have all forgotten a username or password; how do you recover it? You enter your email address, and the site sends a temporary password or a reset code to that mailbox. All an attacker has to do is search your email to find which banks you use, go to those sites and request a reset. In as little as five minutes they can be inside your financial accounts and the personal information held there.
How can you stay safe?
Below are some tips, or rather necessities, that you need to build into your everyday habits to stay safe from phishing campaigns.
- First, for the Gmail campaign, two-factor authentication (2FA) can protect your Gmail account from being taken over. It adds a step to logging in, but it could save you from becoming a victim. 2FA means that in addition to your password you need a temporary code, for example one sent by text message, to sign in. If the attackers have your password but not the current code, they cannot log in. One caveat: a phishing page that relays your password to Google in real time can ask you for the text-message code as well, so an authenticator app or a hardware security key is a stronger second factor than SMS where the service offers it.
- Always think twice before entering login credentials. In the Gmail campaign, why would you have to sign in again when you were already reading your mail? And never log in through a page you reached by clicking a link in an email. Always go to the site directly by typing its address into the browser.
- Never enter passwords or other sensitive information into any page whose address begins with data:text. Look at the very start of the address bar: a page whose address begins with data:text/html is not served by any website, no matter what text follows. For the same reason, do not rely on browser warnings to catch this. The red marking for insecure sites, the certificate warnings for invalid certificates, and the 'unsafe site' messages are tied to a real site and its certificate, and they often do not appear for data:text URLs.
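The attack steps above and the data:text advice in this list come down to one question: what does the address bar actually point at? The following check, added here as an illustration and not code from the original article, parses the text a user sees in the address bar and classifies it by scheme and host rather than by appearance. The trusted-host list and the sample addresses are constructed assumptions; the data: sample is padded with whitespace only to show that the trailing text changes nothing.

```javascript
// Added example (not from the original article): classify what an address
// bar string really refers to. A real Google sign-in page is served from
// https://accounts.google.com; a data:text/html URL is served by no site at
// all, even when the hostname appears somewhere inside it.

// Hosts accepted as legitimate sign-in origins (assumption for this example).
const TRUSTED_LOGIN_HOSTS = new Set(["accounts.google.com"]);

function inspectAddress(addressBarText) {
  let url;
  try {
    url = new URL(addressBarText.trim());
  } catch (e) {
    return { verdict: "unparseable", reason: "not a valid URL" };
  }
  // data:, blob: and javascript: URLs have no host: the page is the URL
  // itself, so there is no certificate and no site reputation to check.
  if (url.protocol === "data:" || url.protocol === "blob:" || url.protocol === "javascript:") {
    return { verdict: "phishing-risk", reason: `scheme ${url.protocol} has no origin to verify` };
  }
  if (url.protocol !== "https:") {
    return { verdict: "phishing-risk", reason: `insecure scheme ${url.protocol}` };
  }
  // Compare the parsed hostname, not a substring of the text: a host such as
  // accounts.google.com.evil.example contains the trusted name but is not it.
  if (!TRUSTED_LOGIN_HOSTS.has(url.hostname)) {
    return { verdict: "phishing-risk", reason: `host ${url.hostname} is not a known login host` };
  }
  return { verdict: "ok", reason: `https origin ${url.hostname}` };
}

// Constructed sample address-bar contents.
const SAMPLES = [
  "https://accounts.google.com/ServiceLogin?service=mail",
  "data:text/html,https://accounts.google.com/ServiceLogin?service=mail" + " ".repeat(40) + "<html>fake form</html>",
  "https://accounts.google.com.evil.example/ServiceLogin",
  "http://accounts.google.com/ServiceLogin",
];

for (const s of SAMPLES) {
  console.log(JSON.stringify(s.slice(0, 60)), "->", inspectAddress(s));
}
```

The point of the check is that it ignores everything a phisher controls (the text after the scheme, the look of the page) and keys only on what the browser itself derived: the scheme and the parsed hostname.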
Phishing campaigns are used to deliver ransomware and to harvest personal information, but they can also be the attacker's way into a company's servers and databases. Did you know? The average cost of a data breach in 2016 was $4 million, up from $3.8 million in 2015. How would a $4 million breach affect your company? Would you survive it? Employees are, and probably always will be, the weakest link in the security chain. Make sure your employees are educated not only on the persistent threat of cyberattacks and how to stay safe, but on what an attack could cost the company. That education may be one of the biggest factors in your company's continued success.