Mississippi Attorney General Jim Hood has warned state residents to be extra vigilant after he received a convincing Google account phishing email.
The latest Google account phishing scam tries to fool users into revealing their passwords by warning them that they need to review the terms and conditions of their account. The email claims Google requires this because of changes to government regulations, and that users must accept the new T&Cs in order to stay compliant.
A link to do this was supplied in the email. Clicking the link directed users to a page that appeared to be from Google, but was in fact part of the scam. Users were presented with what looked like a standard Google login page and asked to log in; when they did, their credentials were recorded and sent to the attacker.
While this scam appeared convincing, there was a tell-tale sign that the request was not genuine. The request to enter account details contained a spelling error in the word “account.” This is not an error that Google would make.
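The two tell-tales described in this scam, a login link whose real destination is not Google and a misspelling of "account" in the page text, can be checked mechanically before a user ever clicks. The following is an added example written for this article, not code from the original page or from any vendor: it parses an HTML email with the Python standard library, flags anchors whose visible text names one host while the link points to another, flags hosts that borrow the Google name without being under google.com, and searches the visible text for common misspellings of "account". The trusted domain, the misspelling list and both sample emails are constructed assumptions for the example.

```python
"""Heuristic scan of an HTML email for the phishing tell-tales described above."""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: the impersonated brand is Google; a real mail filter would load this from config.
TRUSTED_DOMAIN = "google.com"
# Misspellings of "account" like the one that exposed the scam (constructed list).
SUSPICIOUS_SPELLINGS = ("acount", "accout", "acccount")


class EmailParser(HTMLParser):
    """Collects every <a href> with its visible text, plus all visible body text."""

    def __init__(self):
        super().__init__()
        self.links = []        # list of (href, anchor_text)
        self.text_parts = []   # all visible text, used for the spelling check
        self._href = None
        self._anchor = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "")
            self._anchor = []

    def handle_data(self, data):
        self.text_parts.append(data)
        if self._href is not None:
            self._anchor.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._anchor).strip()))
            self._href = None


def host_of(url_or_text):
    """Return the lowercase host of a URL (or of a bare host-like string), '' if none."""
    candidate = url_or_text.strip()
    if "://" not in candidate:
        candidate = "http://" + candidate
    return (urlparse(candidate).hostname or "").lower()


def is_trusted(host):
    """True only for the trusted domain itself or a subdomain of it."""
    return host == TRUSTED_DOMAIN or host.endswith("." + TRUSTED_DOMAIN)


def scan_email(html):
    """Return a list of human-readable findings; an empty list means nothing suspicious."""
    parser = EmailParser()
    parser.feed(html)
    findings = []

    for href, text in parser.links:
        target = host_of(href)
        # Only treat the anchor text as a "shown host" when it looks like a URL or hostname.
        shown = host_of(text) if re.match(r"^(https?://)?[\w.-]+\.\w+", text.strip()) else ""
        if shown and shown != target:
            findings.append(f"link text shows {shown} but target is {target}")
        if "google" in target and not is_trusted(target):
            findings.append(f"lookalike domain: {target}")

    body = " ".join(parser.text_parts).lower()
    for word in SUSPICIOUS_SPELLINGS:
        if re.search(rf"\b{word}\b", body):
            findings.append(f"suspicious spelling: '{word}'")
    return findings


# Constructed sample messages: one mimicking the scam, one a benign notice.
PHISHING_EMAIL = """
<p>Due to changes in government regulations you must review your acount terms.</p>
<p><a href="http://google-accounts-review.example.net/login">https://accounts.google.com/</a></p>
"""
LEGITIMATE_EMAIL = """
<p>You can review your account settings at any time.</p>
<p><a href="https://accounts.google.com/">Review your account</a></p>
"""

if __name__ == "__main__":
    for name, mail in (("phishing", PHISHING_EMAIL), ("legitimate", LEGITIMATE_EMAIL)):
        print(name, scan_email(mail) or ["no findings"])
```

The domain checks catch the lookalike-site variant above; they do nothing for a credential prompt hosted on a genuine Google Drive page, which is why the content-level checks (misspellings, an unexpected login prompt for a shared file) still matter in a layered filter.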
Google Account Phishing Email Scams
Google account phishing email scams are being conducted with increasing frequency. Two other Google account scams were spotted in the summer and are still being used by criminals to gain access to users’ email accounts.
Gmail Phishing Scam
This scam is not new. It was first discovered by Symantec early last year but it is still active. A new batch of spam emails was sent to Gmail account holders over the summer, which fooled many people into revealing their Gmail passwords.
Gmail offers anti-spam protection, although the attackers were able to bypass those controls. The emails appeared to have been sent by Gmail administrators and contained a link to a Google Drive document. Clicking the URL took users to the document, but they had to enter their login credentials to view it. Users entered their details and were able to view the document; what they would not have realized is that they had also just handed over their credentials.
In this case, the link they were sent in the email directed them to a folder on Google Drive that had a preview page. The preview page looked like a standard Google login prompt. When the users entered their details, the login credentials were recorded by a PHP script and the data was sent to the hacker’s command and control center located in the United Arab Emirates. That attack was made possible as the hackers were able to fake Google’s SSL encryption. The faked SSL encryption was sufficient to bypass the anti-spam controls and fooled users into revealing their login credentials by exploiting their trust in Google.
Spear phishing attack targeting Gmail account holders
The Gmail password recovery feature is being abused by attackers using social engineering to get users to hand over access to their Gmail accounts. This Google account phishing email scam also exploits users' trust in Google.
An attacker who knows both a victim's mobile phone number and email address can attempt this scam.
It starts with the attacker using the Gmail password recovery feature to resend a user's password. The attacker enters the victim's email address and opts to have the second step of the authentication process send an SMS to the user's phone.
A verification code is sent to the user's mobile phone, closely followed by a text message from the attacker. The attacker claims to be from the Google account management team and asks the user for the activation code. Since the attacker already has the email address, he or she can then use the code to complete the password reset. From that point only the attacker can access the user's Gmail account.