A widespread phishing scheme is targeting Gmail users across the web. The sophisticated attack looks like it is coming from a trusted source.
The email sender is disguised as someone you likely know or who at least would have you in their inbox. What’s most alarming about this scam is that it seems to defy the normal ways we would sniff out a phishing attack.
Luke VanWingerden, the Interim Vice Chancellor for Information Technology Services, says this is one of the most widespread phishing scams he’s seen.
“I have colleagues across the nation, both in education and other industries, that are talking about this, whether it’s in Twitter or other emails or threads like that. The legitimacy of the messages is very alarming for a lot of the typical spam spotting techniques,” he said.
For instance, not only does the sender’s name appear as someone you likely know, but hovering over the link will not send up any red flags. Usually, hovering shows that the link goes to a bogus page, but this link appears to go to a Google site.
The only clue is the “To:” line, which has a series of h’s followed by @mailinator.
Google says it has disabled offending accounts and removed fake pages.
The countermeasures are likely to stop the spread, but the attacker has already harvested millions of email accounts. If you think yours is one of them, go to Google Accounts Settings and revoke access to apps, including the fake Google Docs.
One of the best ways to protect yourself from any phishing scam is to make sure you set up two-step authentication. That way, even if hackers do trick you out of your password, they likely won’t be able to use it, since the system will ask for a second code, usually by text, if it detects you’re signing on from an unknown device.