Photo: TechYuga
Photo: TechYuga

Take note: A new phishing attack is making rounds on Gmail, and even savvy users are falling for it.

It’s being utilised right now with a high success rate, and the scam’s objective is to steal usernames and passwords for Gmail, along with other services.

It starts with an email that would appear to have been sent by someone you know, and may include an image of an attachment you recognise. Once you click on the image for a preview, a new tab opens and you will be prompted by Gmail to sign in again at a location bar that reads accounts.google.com.

Photo: Techpoint
Photo: Techpoint

Once you sign in, that’s the end of it as they will have full access to your account and will then use your account to send it to other people on your contact list in hopes of compromising more accounts.

As of now, there is no surefire way to check if your account is under attack, but there are ways to protect yourselves from it, such as activating the two-step verification for enhanced protection and turning on Safe Browsing warnings that notify you of dangerous links in emails.

Do focus on your browser’s location bar when you’re ever signing into Gmail, and it should read “https://accounts.google.com….”. If it’s an attack, the address would have “data:text/html,” before “https://accounts.google.com….”.

[Source 1, 2]