Email phishing is not a new term; it has been around almost as long as email itself. Now that people have become more aware of email attacks, hackers have started exploring other, smarter ways of luring people into their traps.
Twitter user Tom Scott shared a screenshot that reveals another new trick for getting users into trouble.
This is the closest I've ever come to falling for a Gmail phishing attack. If it hadn't been for my high-DPI screen making the image fuzzy… pic.twitter.com/MizEWYksBh
— Tom Scott (@tomscott) December 23, 2016
Gmail is the most widely used email service, and a lot of people access it via their web browsers. The shady email appears to have an attachment, but it is just an embedded image that, once clicked, takes users to a sign-in page that looks just like Google’s.
Just like Google’s page, the sign-in page collects a username and password, which, once collected, can be used to do a lot of harm to targets.
While tech-savvy users may notice that the phishing page's address is a data URI with the prefix “data:text/html” instead of an ordinary web address, there is a good chance that normal users will not notice it.
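The data URI check described above can be automated, for example when reviewing addresses from proxy or browser logs. The following Python is an added example, not part of the original article; the function names, class name and sample addresses are constructed for illustration.

```python
import base64
from html.parser import HTMLParser
from urllib.parse import unquote_to_bytes

class PasswordFieldFinder(HTMLParser):
    """Flags documents that contain an <input type="password"> element."""
    found = False

    def handle_starttag(self, tag, attrs):
        if tag == "input" and (dict(attrs).get("type") or "").lower() == "password":
            self.found = True

def parse_data_uri(url):
    """Split an RFC 2397 data URI into (media_type, bytes); None if it is not one."""
    url = url.strip()
    if url[:5].lower() != "data:":
        return None
    header, comma, payload = url[5:].partition(",")
    if not comma:
        return None  # malformed: the comma before the data is mandatory
    params = [p.strip().lower() for p in header.split(";")]
    media_type = params[0] or "text/plain"  # RFC 2397 default media type
    raw = unquote_to_bytes(payload)  # undo percent-encoding
    if "base64" in params[1:]:
        try:
            raw = base64.b64decode(raw)
        except ValueError:
            return None  # payload is not valid base64
    return media_type, raw

def classify_address(url):
    """Return 'not-data-uri', 'data-uri', 'data-html' or 'data-html-login'."""
    parsed = parse_data_uri(url)
    if parsed is None:
        return "not-data-uri"
    media_type, raw = parsed
    if media_type != "text/html":
        return "data-uri"
    # An HTML page served from a data URI that asks for a password is the
    # pattern the article describes.
    finder = PasswordFieldFinder()
    finder.feed(raw.decode("utf-8", errors="replace"))
    return "data-html-login" if finder.found else "data-html"

# Constructed sample addresses (not taken from the article).
SAMPLES = [
    "https://mail.example.com/inbox",
    "data:text/html,<form><input type=password name=p></form>",
    "data:text/html;base64," + base64.b64encode(b'<input type="password">').decode(),
    "data:image/png;base64,iVBORw0KGgo=",
]
```

Calling `classify_address` on each entry of `SAMPLES` separates ordinary addresses, harmless data URIs, and HTML data URIs that contain a password field.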
So keep yourself safe, folks, and don’t click on attachments unless you were expecting them from the sender. Chrome 56.0.2924 tries to warn users by adding “Not Secure” to the address line, but you will still have to stay safe yourself.