Scary new way to have your GMail password and account stolen

This is an incredibly easy way for the evil doers to steal your GMail ID and GMail password. This one could even catch out security people like me!

So what happens is you receive an e-mail from somebody you know, who also HAD a GMail account (note the emphasis on had).

This e-mail will have the subject line of a previous e-mail conversation you have had with that person, and also what appears to be an attachment that was attached to an earlier e-mail in that conversation. So far this e-mail is looking EXTREMELY legitimate.

That attachment is actually an image in the e-mail with a link embedded in it. If you click on it, it will take you to what appears to be the GMail log-in screen, as follows:

Being asked to log-in like this would certainly trigger an alert in my mind that something was up. I would immediately check to see where this password page has come from, so I would look up at the address bar of the browser. This is what you would see:

So that looks OK, doesn’t it? https:// (nice and secure site), accounts.google.com (legitimate address), and the e-mail came from somebody I know, from an e-mail conversation I have had with them, that had an attachment, which was here again in this new e-mail. All very believable! So let me enter my GMail ID and password and … you’ve now given the hackers your credentials.

Within minutes, they will have taken over your GMail account and will be sending this nasty surprise e-mail to your friends, family and colleagues.

So how do I know it’s not a legitimate GMail login screen? Let’s take another look at that address bar:

That first part of the address (highlighted) looks a bit odd, don’t you think? It is very odd. The address actually contains a verrrrrrrrry long string of text, stretching off beyond the end of what you can see in the address bar, which executes a script that brings up that log-in page. The part you can see is just text placed there to look like the real address; the browser is not actually talking to accounts.google.com at all.

Also, if you know your secure websites, you know that where there is proper https:// there is also a green padlock symbol like this:

That gives a high degree of confidence that the site is legitimate and properly secure.
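As an added illustration (not from the original post, and not anything the scammers used), here is a small Python check that does what the post tells you to do by eye: split an address-bar string into the scheme and host the browser will really use, and flag the case where a trusted hostname merely appears somewhere inside the address. The sample addresses, the use of a data: scheme for the lookalike, and the whitespace padding that pushes the script out of view are constructed assumptions.

```python
from urllib.parse import urlsplit

# Constructed address-bar strings for illustration only (not taken from the post).
# The "lookalike" assumes a data: scheme followed by padding and a script, so that
# only the fake-looking "https://accounts.google.com/..." fits in the address bar.
SAMPLES = {
    "legit": "https://accounts.google.com/ServiceLogin?service=mail",
    "lookalike": ("data:text/html,https://accounts.google.com/ServiceLogin?service=mail"
                  + " " * 200 + "SCRIPT_PLACEHOLDER"),
    "http_only": "http://accounts.google.com/ServiceLogin",
    "subdomain": "https://accounts.google.com.example.net/ServiceLogin",
}

# Hosts we are willing to type a GMail password into.
TRUSTED_HOSTS = {"accounts.google.com"}


def visible_portion(address: str, width: int = 60) -> str:
    """What a narrow address bar would show: just the first `width` characters."""
    return address[:width]


def inspect_address(address: str) -> dict:
    """Work out what the browser actually treats as scheme and host, and list
    every reason this address should NOT be trusted with credentials."""
    parts = urlsplit(address.strip())
    scheme = parts.scheme.lower()
    host = (parts.hostname or "").lower()   # empty for data:, javascript:, etc.
    findings = []
    if scheme != "https":
        findings.append(f"scheme is '{scheme}', not https")
    if host not in TRUSTED_HOSTS:
        findings.append(f"real host is '{host or '(none)'}'")
    # The lookalike trick: a trusted name appears in the text of the address,
    # but it is not the host the browser connected to (it sits in the path,
    # or it is only a prefix of a longer, unrelated hostname).
    for trusted in TRUSTED_HOSTS:
        if trusted in address.lower() and host != trusted:
            findings.append(f"'{trusted}' appears in the address but is not the host")
    return {"scheme": scheme, "host": host, "trusted": not findings, "findings": findings}


if __name__ == "__main__":
    for name, address in SAMPLES.items():
        result = inspect_address(address)
        print(f"{name:10} visible: {visible_portion(address)!r}")
        print(f"{'':10} trusted={result['trusted']} {result['findings']}")
```

Note that the visible portion of the "lookalike" sample is indistinguishable from the real login address, which is exactly why the padlock and the real scheme, not the text you can see, are what to check.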

Here’s the best possible protection for your GMail password

I’ve said this numerous times. I tell everyone I know that they must set this up to protect their accounts.

It is known by many names – Two factor authentication or Two step verification or Login approvals.

I’ve a whole commandment dedicated to it, so please have a read and please implement it.

This protection won’t prevent you falling for the scam outlined above. What it will do is prevent the bad guys from accessing your account: even though they have your GMail ID and GMail password, they won’t have your smart phone, and as such won’t be able to sign in as you.

Please implement Two factor authentication on all your on-line accounts. It really gives you the best possible protection.

h/t to the folks over on WordFence for the details on this.