GETTY – GOOGLE
Gmail users are being targeted by this clever hack – here's how to stay protected
A new online phishing scam is targeting Gmail users around the world, security experts have warned.
Scammers are tricking customers of Google's email service into clicking on fake links which then let criminals steal their personal information.
But there’s an easy way to make sure you don’t fall victim to this phishing scam – here’s what you need to know.
The scam was detected by Wordfence, which outlined just how it works in a blog post on its website.
Victims are targeted via an email to their Gmail account, which may include an attachment or image, and might even come from a contact or company you recognise.
When clicked on, this opens a new tab with a page which closely resembles the real Gmail login page, and asks the user to sign in once more.
However the page is actually a portal for hackers to steal your email address and password information – giving them full access to your account.
The hackers can then spread their virus even further by sending emails to all of your contacts.
And even worse, if you use the same login details for other websites or accounts, the hackers will be able to gain access to these to.
The scam website can be identified by the false URL address
Google street view's most embarrassing pictures
Fri, October 26, 2012
The most embarrassing images from Google street view
Get Quotes on Home Insurance
1 of 10
Has this woman really just given birth on a Berlin pavement or is it a training exercise for UK midwives?
If you’re worried that a phishing email has landed in your inbox, there’s an easy way to make sure you don’t hacked.
The second login page, which opens when you click on the infected link or attachment, will display a web domain a world apart from what it should be.
That’s because the criminals use a tactic called “data URI” (shown above), where a legitimate-looking web address is put in the domain name, but then followed up by a load of white space which hides a malicious link.
The best way to make sure you don’t caught out is to make sure that the domain you use to log in has nothing before the hostname ‘accounts.google.com’ other than ‘https://’ and the green lock symbol.
Gmail is normally considered one of the most secure email services
Recent research from Norton by Symantec showed that that one in four Brits was affected by an online attack during the past year, with millennials and frequent travellers particularly popular targets.
Overall, cybercrime cost UK consumers £1.8 billion, showing the huge potential risk to users across the country.
If you think you have been the victim of a cyber attack, read Express.co.uk's guide to the next steps to take here.