
Another week, another phishing scam? Unfortunately, yes. Last week was the alarming Netflix attack; this week, Gmail users are being targeted. Like the Netflix scam, this one is concerning because of how legitimate it looks.
According to Satnam Narang, Senior Security Response Manager at Norton by Symantec, here's how the Gmail phishing scam works: You'll see an email in your inbox from one of your contacts who has already been hacked. The email looks like it contains an attachment. But if you look closely, as this Twitter user did, you'll notice that the image preview for the attachment looks slightly fuzzy. This is because there isn't actually an attachment, just an image designed to look like one.
This is the closest I've ever come to falling for a Gmail phishing attack. If it hadn't been for my high-DPI screen making the image fuzzy… pic.twitter.com/MizEWYksBh
— Tom Scott (@tomscott) December 23, 2016
If you click on the image, you'll be directed to a page that looks like the standard Google sign-in page. If you log in there, the damage is done: the hacker can read and download all of your emails and could also access accounts elsewhere.
In the past, you might have recognized a scam by the language in the email. But Narang says that there are reports that these hackers are sending emails that look realistic. In one school district, for example, team members received what looked like a copy of a practice schedule.
Still, there are things you can look out for to spot a fake. "The best way to identify this attack is to look at the address bar. In this case, look for the words 'data:/text/html' at the beginning of the URL," Narang says. "If you see this, close the browser tab and alert your friend that their account has been compromised."
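The same indicator can be checked in a message before anyone clicks it. The following is an added example, not code from this article or from Symantec: it scans an HTML email body for links whose target uses the data: scheme and records whether the link wraps an image, as the fake attachment described above does. The function names and the sample message are constructed for illustration.

```python
from html.parser import HTMLParser

def data_uri_info(href):
    """Return None for ordinary links, or details when the scheme is data:."""
    # Browsers ignore tabs, newlines and surrounding spaces in a URL,
    # and treat the scheme case-insensitively, so normalise first.
    cleaned = "".join(c for c in href if c not in "\t\r\n").strip()
    scheme, sep, rest = cleaned.partition(":")
    if not sep or scheme.lower() != "data":
        return None
    media_type = rest.split(",", 1)[0].lower()
    return {"is_html": "text/html" in media_type}

class _LinkAudit(HTMLParser):
    """Tracks each <a> element and whether an <img> sits inside it."""
    def __init__(self):
        super().__init__()
        self.findings = []
        self._open = None  # the <a> currently being parsed, if any

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._open = {"href": dict(attrs).get("href") or "", "has_img": False}
        elif tag == "img" and self._open is not None:
            self._open["has_img"] = True

    def handle_endtag(self, tag):
        if tag == "a" and self._open is not None:
            link, self._open = self._open, None
            info = data_uri_info(link["href"])
            if info is not None:
                info["wraps_image"] = link["has_img"]
                self.findings.append(info)

def audit_email_html(body):
    """Return one finding per link in the body that points at a data: URI."""
    parser = _LinkAudit()
    parser.feed(body)
    parser.close()
    return parser.findings

# Constructed sample: one ordinary link, one image link with a data: target.
SAMPLE = """
<p>Practice schedule attached.</p>
<a href="https://example.com/schedule"><span>View online</span></a>
<a href=" DaTa:text/html,CONSTRUCTED-PLACEHOLDER"><img src="cid:preview" alt="schedule.pdf"></a>
"""

if __name__ == "__main__":
    print(audit_email_html(SAMPLE))
```

A finding with both `is_html` and `wraps_image` set matches the pattern in this scam: an image dressed up as an attachment that opens an HTML page from a data: address.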
Narang also recommends setting up two-step verification for your Gmail account (find out how to do so here). And follow these rules for boosting your password strength.
Above all, think twice before clicking on something. We're starting to see more sophisticated scams, so being vigilant will only help you in the long run.
We've reached out to Google for feedback and will update this piece with their comment.