Even tech-savvy Gmail users are falling victim to hackers who are stealing their login credentials as increasingly sophisticated phishing techniques are being employed.
How does it work?
The hacker first sends you an email, which includes an attachment. If you click on the attachment to preview it, a new tab opens to what looks like a Gmail login page. However it isn’t genuine. If you enter your email and password, hackers will have stolen your credentials and have full access to all of your emails.
None of the usual browser indicators of fraudulent websites are present in this method of phishing.
One of the best ways to tell if a website that is asking for your username and password is genuine or not is to look at the address bar in your browser that points to the site’s true origin. Sometimes that simple precaution isn’t enough.
This type of attack underscores the need for Web browser makers to rethink these simple trust signals used to inform users about a danger web page or exploit.