New Gmail phishing scam is even fooling tech-savvy users


If you use Gmail, you should be aware of a new phishing scam that's fooling even some of the most tech-savvy users.

According to security expert Mark Maunder, the CEO of a WordPress security plugin called Wordfence, the hacker will first send you an email that includes an attachment. When you click on it, you're directed to what looks like a Gmail login page, according to Fox 59.

However, it's a fake. If you enter your email and password, you're giving your login credentials to hackers who then have complete access to your emails.

Sounds easy enough to avoid, right? Not exactly—the email looks like it comes from one of your contacts. It may even have a subject line that looks authentic. The hackers, who've likely compromised your contact's account, will even rename the attachment to something that appears plausible.

Once your account is compromised, scammers will use your contacts to send more emails in attempts to obtain new login credentials.

Even the URL redirecting you to log in to your Google account looks authentic.

The fake login box looks like the one you'd really use.

To combat this tactic, security experts say Gmail users should enable two-factor authentication, which gives you an extra layer of security. Unless the scammers have access to your phone, they won't have the access code to get into your account.

Experts say you should also look for the "lock" icon next to the address bar denoting a secure website. While it's not a foolproof method because scammers sometimes host their pages on secure servers, it's a commonsense step to take.
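The point about the lock icon, as an added example that is not part of the original article: a check that trusts a sign-in page only when the connection is HTTPS and the host is an exact match. The allow-list entry `accounts.google.com` and the `.example` sample URLs are assumptions constructed for this sketch.

```javascript
// Added example. The allow-list is an assumption of this sketch: Google's
// sign-in pages are taken to be served from accounts.google.com.
const TRUSTED_SIGNIN_HOSTS = new Set(["accounts.google.com"]);

// Classify what the address bar shows before a password is typed into the page.
function checkSignInUrl(addressBarText) {
  let url;
  try {
    url = new URL(String(addressBarText).trim());
  } catch {
    return { trusted: false, lockIcon: false, reason: "unparseable" };
  }
  // A lock icon only means the connection is HTTPS; it says nothing about
  // who operates the host.
  const lockIcon = url.protocol === "https:";
  if (TRUSTED_SIGNIN_HOSTS.has(url.hostname)) {
    return lockIcon
      ? { trusted: true, lockIcon, reason: "https-and-exact-host" }
      : { trusted: false, lockIcon, reason: "not-https" };
  }
  // Host is not on the allow-list. If a trusted name still appears somewhere
  // in the URL, the address was built to look authentic at a glance.
  const text = url.href.toLowerCase();
  const mimics = [...TRUSTED_SIGNIN_HOSTS].some((name) => text.includes(name));
  return { trusted: false, lockIcon, reason: mimics ? "lookalike" : "untrusted-host" };
}

// Constructed sample URLs (the .example hosts are placeholders, not real sites).
const SAMPLES = [
  "https://accounts.google.com/ServiceLogin?service=mail",
  "http://accounts.google.com/ServiceLogin",
  "https://accounts.google.com.signin.example/ServiceLogin",
  "https://signin.example/accounts.google.com/ServiceLogin",
  "https://signin.example/login",
  "not a url",
];

// Run the check over every sample and keep the URL next to its verdict.
function report(samples = SAMPLES) {
  return samples.map((s) => ({ url: s, ...checkSignInUrl(s) }));
}

console.table(report());
```

The third and fourth samples would show a lock icon yet are rejected, because the trusted name appears only as a subdomain prefix or a path segment.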

If you think you've already fallen for the scam, you should change your Gmail password immediately. For more information about the scam, go to this website.

Here's the response Google sent about the scam:

We're aware of this issue and continue to strengthen our defenses against it. We help protect users from phishing attacks in a variety of ways, including: machine learning based detection of phishing messages, Safe Browsing warnings that notify users of dangerous links in emails and browsers, preventing suspicious account sign-ins, and more. Users can also activate two-step verification for additional account protection.
