Let us ask you one simple question: what do you do when you receive an email from a friend, a family member or a colleague? Do you open that email? Your answer would be: yes, we do open it. And when they have sent you an attachment with a familiar subject line, you are almost certainly going to open that attachment and see what is in it. In some cases you are so eager that you forget you are already logged in to Gmail and do not need to log in again, yet you still do so when you are shown a new Gmail login window. Let's say we send a mail or a query to someone. When they reply, it is obvious that we are going to open the mail and the attachment, if any. That is what the hackers are relying on with their new phishing technique to hack your Gmail account.
Phishing has been a part of hacking for years, but this technique has recently been developed by hackers to hack Gmail accounts, and it can work even if you are tech savvy. There is a good chance that you will open the attachment and log in again if you are asked to do that in order to see the attachment. It is human nature, and they are benefiting from it. What happens is that they send an email to your Gmail account, and this email will probably come from someone you know. It will have an attachment or something similar. The message will end with verbiage like ‘hey take a look at this picture’ or ‘click on this image’ or something like that.
Don’t forget that receiving this mail from your contact means that his or her email ID has already been compromised and that they can read all your conversations. So they will mail you with a subject chosen to make sure that you open it. The moment you click on that image, you are taken to what looks like a legitimate sign-in screen again.
At a quick glance, you are just in Gmail. The page asks you to log in to your account again. You would think: it's fine, it's just a login and then I will see that attachment.
The problem is that the moment you sign in, your account has been compromised. They are going to take your credentials and log in. Now they can do whatever they want with your account. They are going to do the same thing with your contacts, who will receive an email from your account, and if they click on the attachment and log in, their accounts are compromised too.
How to beat the hackers and keep your account secure:
Everything seems legitimate in this process because whoever is doing this may have a team running the whole operation. But you can beat them with your awareness. Check the URL in the address bar and watch for anything that appears in front of the https.
When you open the attachment and a new tab pops open and asks you to log in, the URL will look something like:
data:text/html,https://accounts.google.com/ServiceLogin?
This is quite similar to the real Gmail URL, which is:
https://accounts.google.com/ServiceLogin?
So you can’t actually notice the difference quickly. If you look closely, you will see that the middle part of the URL is blank, which means that what you think is the URL is just the first part of it, and there is a whole script text further along. If you open the original Google page, you will see ‘Secure’ written there, which is not on this fake page.
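The address-bar check described above can also be done in code, for example in a mail filter or a browser extension. This is an added example, not code from the original article; the function name, the sample strings, the padding length and the login.example.com host are constructed for illustration.

```javascript
// Added example: tell the real Google sign-in URL from a data: URI that imitates it.
const GOOGLE_LOGIN_HOST = "accounts.google.com";

function classifyLoginUrl(raw) {
  const text = raw.trim();
  let url;
  try {
    url = new URL(text);
  } catch {
    return { scheme: null, host: null, verdict: "unparseable" };
  }
  const scheme = url.protocol.replace(/:$/, "");
  const host = url.hostname; // empty for data: URIs, which have no host at all

  if (scheme === "https" && host === GOOGLE_LOGIN_HOST) {
    return { scheme, host, verdict: "google-login" };
  }
  if (scheme === "data") {
    // Everything after "data:" is page content, not a location on a server.
    const body = text.slice("data:".length);
    const mimicsGoogle = body.includes(GOOGLE_LOGIN_HOST);
    // Longest whitespace run: the blank middle part that pushes the rest out of view.
    const runs = body.match(/\s+/g) || [];
    const gap = Math.max(0, ...runs.map((run) => run.length));
    const verdict = mimicsGoogle ? "data-uri-spoof" : "data-uri";
    return { scheme, host, verdict, gap };
  }
  return { scheme, host, verdict: "not-google" };
}

// Constructed samples. The padding and the trailing placeholder stand in for
// whatever markup a real lure carries; they are not taken from a captured message.
const PADDING = " ".repeat(200);
const SAMPLES = {
  real: "https://accounts.google.com/ServiceLogin?",
  fake: "data:text/html,https://accounts.google.com/ServiceLogin?" +
    PADDING + "<!-- page markup placeholder -->",
  other: "https://login.example.com/ServiceLogin?",
};

for (const [name, raw] of Object.entries(SAMPLES)) {
  console.log(name, classifyLoginUrl(raw));
}
```

The decision rests on the parsed scheme and host, never on whether the familiar text appears somewhere in the string.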
If you are not paying attention to the address bar, this can really catch you off guard, and it is happening with a high success rate. So you need to check the URL first. You can also set up two-step verification. All Google services come with one step, which is your username and password. You can add an extra layer of security by making it a two-step verification process, where the second step is having your phone with you. You need to register your phone number with Google, and they will text a security code to that number when you log in, which you have to enter in order to sign in to Gmail.
Now if someone tries to log in to your Google account, he obviously does not have your phone with him, so he had better not try to log in, which makes your account secure. You can keep a list of secure devices on which you normally log in; you do not need to go through two-step verification every time on these, only when you try to log in from a different machine or a different location. This is a great way to protect yourself against this new phishing technique.