[Date Prev]     [Date Next]     [Chronological]     [Thread]     [Top]

Gmail scam - be careful



To: "ccsf@cloud.ccsf.edu" <ccsf@cloud.ccsf.edu>
Subject: Gmail scam - be careful
From: Jay Field <jfield@ccsf.edu>
Date: Mon, 27 Feb 2017 16:30:44 +0000



 

Hi Everyone,

 

Since many people use Gmail, whether it is mail.ccsf.edu or your personal account, I wanted to pass this information along.  There is a new Gmail threat that you should be aware of.  Unfortunately, this one is pretty good and requires paying close attention.  Please read the details below or go to Fortune magazine online and search for the article. “Everyone Is Falling For This Frighteningly Effective Gmail Scam” 

 

If you get an email in Gmail, open the attachment and you are presented with a new Gmail login page, do NOT attempt to login a second time

 

I will share this information with our students too. 

 

As always, please be alert with your use of technology and stay safe.

 

Jay

 

 

Below is information from an article in Fortune magazine by Robert Hackett from January 18, 2017.

 

Here's how the swindle works. The attacker, usually disguised as a trusted contact, sends a booby-trapped email to a prospective victim. Affixed to that email, there appears to be a regular attachment, say a PDF document. Nothing seemingly out of the ordinary.

 

But the attachment is actually an embedded image that has been crafted to look like a PDF. Rather than reveal a preview of the document when clicked, that embedded image links out to a fake Google login page. And this is where the scam gets really devious.

 

Everything about this sign-in page looks authentic: the Google logo, the username and password entry fields, the tagline ("One account. All of Google."). By all indications, the page is a facsimile of the real thing. Except for one clue: the browser's address bar.

 

Even there, it can be easy to miss the cue. The text still includes the "https://accounts.google.com," a URL that seems legitimate. There's a problem though; that URL is preceded by the prefix "data:text/html."  If you were to zoom out on the address bar, you would find a long string of characters, a script that serves up a file designed to look like a Gmail login page. This is the trap.

 

As soon as a person enters her username and password into the fields, the attackers capture the information. To make matters worse, once they gain access to a person's inbox, they immediately reconnoiter the compromised account and prepare to launch their next bombardment. They find past emails and attachments, create booby-trapped-image versions, drum up believable subject lines, and then target the person's contacts.

 

 

 

-- 

Jay Field

CTO, City College of San Francisco

(415) 239-3993 – voice

(707) 849-6057 – mobile

@CCSF_CTO

ITS News and Information