Everyone is falling for this frighteningly effective Gmail scam

Fortune:

Security researchers have identified a “highly effective” phishing scam that’s been fooling Google Gmail customers into divulging their login credentials. The scheme, which has been gaining popularity in the past few months and has reportedly been hitting other email services, involves a clever trick that can be difficult to detect.

Researchers at WordFence, a team that makes a popular security tool for the blog site WordPress, warned of the attack in a recent blog post, noting that it has been “having a wide impact, even on experienced technical users.” (See these people, whose accounts were targeted.)

Here’s how the swindle works.

No, “everyone” isn’t, but it is (unfortunately) a very clever phishing scam that can catch the unwary off guard. It also points out the effectiveness of two-factor authentication and password managers like 1Password. They wouldn’t load your password on the phishing site because the fake site URL wouldn’t match the real one in 1Password.

[H/T Daniel Jalkut]



  • SV650

    “It also points out the effectiveness of two-factor authentication and password managers like 1Password. They wouldn’t load your password on the phishing site because the fake site URL wouldn’t match the real one in 1Password.”

    Yes, yes, a thousand times, YES!

    • John Kordyback

      I lurvs the 1Password.

  • SockRolid

    Google users are all about oversharing anyway. Good luck with that.

  • Luscious868

    You’d have to be a dumbass to fall for this. Since when has opening an attachment required that you log back into your own account to access it? Particularly if you’re not accessing your email via the web?
