Cybercriminals are getting smarter and their phishing strategies are steadily evolving. However, with a little bit of research on your part, you can easily uncover most phishing scams. Here’s an example of an extremely cunning phishing strategy that can catch you off guard if you don’t protect yourself properly.
According to Wordfence, the security firm that identified the scam, the way it works is very simple: the fraudsters create an email address and disguise themselves as a friend, family member or acquaintance, basically someone you know. They then send you an email with an attachment, usually a legitimate-looking Word document or PDF. When you open the attachment to preview it, you are automatically redirected to a Google sign-in page where you are asked to enter your username and password. The attachments are in fact embedded images that imitate real attachments, and they take you to a fake Google page where you are asked to log in.
Somebody tweeted that he came really close to falling for this fraud and was saved only by his high-DPI screen distorting the image.
Apart from the attachment, even the fake Google sign-in page looks like the original (the logo, the text boxes and so on). At first glance the URL seems totally valid, but trained eyes will notice that the page is in fact a data URI, with a prefix other than the standard “https://”.
So if you click through and sign in, the attacker will get your credentials and use the same kind of spoofed emails to trick your contacts. If you use Chrome, you should know that Google has updated the browser. While that makes it easier to identify scams such as this one, it does not mean that this type of phishing can be completely stopped.
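The address check described above can be automated. The following is an added example, not code from Wordfence or Google: a function that flags a data URI (or any non-https scheme) before the rest of the string is trusted. The function name, the verdict labels and the `example.com` hosts are assumptions made for illustration.

```javascript
// Added example: classify a link or address-bar string before trusting a sign-in page.
// Inputs passed to it in testing are constructed; example.com hosts are placeholders.
const ALLOWED_SCHEMES = new Set(["https"]);

function classifyLink(raw, expectedHost) {
  // Browsers strip surrounding whitespace and embedded tabs/newlines, and
  // treat the scheme case-insensitively, so normalise before inspecting it.
  const cleaned = String(raw).trim().replace(/[\t\n\r]/g, "");
  const m = /^([a-z][a-z0-9+.-]*):/i.exec(cleaned);
  if (!m) {
    return { verdict: "suspicious", scheme: null, reason: "no scheme present" };
  }
  const scheme = m[1].toLowerCase();

  if (scheme === "data") {
    // A data URI carries the page content itself; any "https://..." text
    // after the prefix is just part of that content, not a location.
    const embedsUrlText = /https?:\/\//i.test(cleaned.slice(m[0].length));
    return {
      verdict: "block",
      scheme,
      reason: embedsUrlText
        ? "data URI containing text that imitates a web address"
        : "data URI used as a page location",
    };
  }
  if (!ALLOWED_SCHEMES.has(scheme)) {
    return { verdict: "suspicious", scheme, reason: "scheme is not https" };
  }
  let host;
  try {
    host = new URL(cleaned).hostname; // hostname is returned lowercased
  } catch (e) {
    return { verdict: "suspicious", scheme, reason: "unparseable URL" };
  }
  if (host !== expectedHost.toLowerCase()) {
    return { verdict: "suspicious", scheme, reason: "unexpected host " + host };
  }
  return { verdict: "ok", scheme, reason: "https on the expected host" };
}
```

A mail filter or browser extension could run the same check over every link and redirect target, treating `block` as a hard stop and `suspicious` as a prompt for manual review.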
In order to avoid getting tricked, proceed with caution, always double-check if you feel something is “off” and check out the latest types of phishing scams. Be safe!