Fake Gmail Attachment Phishing Scam is out, Be Careful!

Most phishing scams are pretty easy to detect. This one, on the other hand, is devilishly clever and just might dupe you if you’re not careful.

This new one doing the rounds in Gmail inboxes is one that appears to include an attachment, which in reality isn’t an attachment at all. Instead, it’s just an embedded image that looks like one:


If you click it, as we’re generally wont to do when we spot an attached file, you’ll be taken to a Google sign-in page where you’re asked to enter your password. Of course, this is also fake:


What’s worse is everything about the fake Google sign-in page looks normal. The logo, text boxes, and tagline are all there. The only difference is in the address bar, where careful eyes will see that the page is actually a data URI with the prefix “data:text/html”, not a URL with the standard “https://”.

screen shot 2017 01 18 at 11 15 41 am

But if you don’t spot it, the attackers get your information and use it to send out more of the same phish emails to your contacts.

How to Protect your Gmail account?

Google has since updated Chrome to 56.0.2924, which makes it easier to spot fake forms like these, but it doesn’t exactly stop this type of scam dead in its tracks.

Of course its recommended that you always use Google Chrome to check your email, and whether you use Chrome or not, it’s important to stay vigilant and keep your eyes peeled when checking email. Plus, you should add two-step authentication, an added layer of security that can help prevent account takeovers.

Stay tuned for more Google Tips & News!


Don’t forget to Subscribe (On the Sidebar)


Get in touch

We respond within 1 hour on weekdays
EXEO Logo white

Paris. Beirut. Dubai.