Update on February 24th: Chrome has resolved this issue to my satisfaction. Earlier this month they released Chrome which changes the location bar behavior. If you now view a data URL, the location bar shows a “Not Secure” message which should help users realize that they should not trust forms presented to them via a data URL. It will help prevent this specific phishing technique.

Update at 11:30pm on Tuesday January 17th: I have received an official statement from Google regarding this issue. You can find the full update at the end of this post.

As you know, at Wordfence we occasionally send out alerts about security issues outside of the WordPress universe that are urgent and have a wide impact on our customers and readers. Unfortunately this is one of those alerts. There is a highly effective phishing technique stealing login credentials that is having a wide impact, even on experienced technical users.

I have written this post to be as easy to read and understand as possible. I deliberately left out technical details and focused on what you need to know to protect yourself against this phishing attack and other attacks like it in the hope of getting the word out, particularly among less technical users. Please share this once you have read it to help create awareness and protect the community.

The Phishing Attack: What you need to know

A new highly effective phishing technique targeting Gmail and other services has been gaining popularity during the past year among attackers. Over the past few weeks there have been reports of experienced technical users being hit by this. This attack is currently being used to target Gmail customers and is also targeting other services.

The way the attack works is that an attacker will send an email to your Gmail account. That email may come from someone you know who has had their account hacked using this technique. It may also include something that looks like an image of an attachment you recognize from the sender. You click on the image, expecting Gmail to give you a preview of the attachment. Instead, a new tab opens up and you are prompted by Gmail to sign in again. You glance at the location bar and you see in there. You go ahead and sign in on a fully functional sign-in page that looks like this: