News

New Gmail Scam From Friends Is So Convincing, Even Tech Experts Are Buying It

by Alexandra Svokos

Jan. 17, 2017

REUTERS

A new email hacking scam is going around Gmail, so it's time to once again be on the lookout to protect your privacy and presidential campaign.

This new scam will make you yearn for the days when hackers were easy to catch, like all those "0p3n Th!s l!nK 4 A$$es iN yEr ArEa" emails.

Now, we have to be on the lookout — even for emails seemingly from our very own friends.

CEO of Wordfence, Mark Maunder, detailed the newest scam in a long blog post.

Basically, hackers have gotten cleverer.

They know people are wary of emails from strangers, and even strange emails from friends. So they found a way to make it look like you got a normal email from someone you know — and they use it to break into accounts.

It happens like this: You get an email from your friend. It looks like an email you've gotten before. There's an attachment on it.

You click on the attachment and it goes to a screen that looks like the Google sign-in screen. So you sign in. And by doing so, you give your email account over to the hackers, who can then use it to send an email to your friends, starting the cycle over again.

This new scam is what's called a phishing scam, which means a user is tricked into giving away account details.

Phishing is actually exactly how Russian hackers got into the email account of Hillary Clinton's campaign manager John Podesta. He received a phishing email and gave away his login details.

So, yeah, given the results of that hack, you might want to keep your eyes open.

There are some ways to be on the lookout for this.

First of all, you should have a two-factor authentication set, which means you need to do two things to login to your account. Second of all, be on the lookout for "data:text/html" in the URL bar.

Wordfence

If you see that, it means that it's bad and you should run.

Update, 1/18: In a statement released to Elite Daily, a Google spokesperson said,

We're aware of this issue and continue to strengthen our defenses against it. We help protect users from phishing attacks in a variety of ways, including: machine learning based detection of phishing messages, Safe Browsing warnings that notify users of dangerous links in emails and browsers, preventing suspicious account sign-ins, and more. Users can also activate two-step verification for additional account protection.

Citations: Has YOUR Gmail account been hacked? A new phishing scam is so convincing it has even fooled tech experts: Here's what to look out for (MailOnline), Wide Impact: Highly Effective Gmail Phishing Technique Being Exploited (WordFence)