A hacker sends an e-mail with an attachment.
An email lands in the target inbox from the hacked address, and here’s where it gets tricky: The phishing email uses a legitimate subject line, text, and attachments from emails already sent by that account, making it look completely legitimate.
The attackers then sign in to your account almost immediately, gaining access to all your digital correspondence, and may also use the account to phish other accounts in your network.
The beginning portion of the URL should read “https://accounts.google.com” but if it reads “data:text/html” before the HTTP portion of the URL, do not enter your credentials. Once you’ve done that, head to the Gmail account activity page. One of the latest scams is gaining momentum and even tricking tech-savvy, experienced users.
The attacker signing into your account happens very quickly. To do so, open Gmail and click on “Details” in the bottom right-hand corner of your screen.
Also, always check for a lock icon next to the address bar; this indicates that it’s a secure website. Unfortunately, the hackers in this scenario were able to replicate the appearance of the Google accounts login page in the address bar. Once clicked on, users are directed to phishing pages disguised as the Google sign-in page. According to Mark Maunder, a security expert and the CEO of Wordfence, which provides a security plugin for WordPress, users are being sent an email including attachments as well.
The highly effective phishing campaign seems to be running on a sophisticated automation feature that pounces on newly compromised Gmail accounts to mount a secondary attack on users in the contact list.
Victims are targeted via an email to their Gmail account, which may include an attachment or image, and might even come from a contact or company you recognise. While this may not prevent the phishing hackers from getting a password, it will make it harder for a hacker to use those users’ accounts once they have been hacked.
Clicking on the fake attachment directs victims to a fake Google login page.
Time to change your passwords, again.
If you think your account has been compromised, change your password immediately. Narang also recommends setting up two-step verification for your Gmail account.
This shows all recent login history and currently active sessions.