Wordfence researchers have spotted a new phishing campaign targeting Gmail accounts that compromises them at a high rate.
The attacker sends an email to the victim that appears to come from someone the victim knows, typically a contact whose own account was previously hacked in the same way, according to a Jan. 12 blog post.
The phishing email contains what looks like the image of an attachment the victim would recognize from that sender. When the victim clicks on the image, no attachment preview appears; instead a new tab opens and prompts them to log into their Gmail account.
At first glance the URL in the new tab contains accounts.google.com, but closer inspection shows it is not a Google address at all. Once a user enters credentials into the phishing page, the attackers have full access to the account and have been observed logging in immediately after obtaining the credentials. The same technique has also been used to steal credentials for other platforms.
The researchers recommend that users check the browser location bar, verifying both the protocol and the hostname before entering credentials, and enable two-factor authentication. Users can check their Gmail login history by clicking the “Details” button at the bottom right-hand corner of their account page; however, the researchers added that there is no sure way to know whether an account has been compromised, and users who suspect compromise should change their passwords.
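The location-bar check above is easy to get wrong by eye, because the fake address does contain the string accounts.google.com. The following is an added example, not code from Wordfence or from the article: it parses the address the way the browser does and accepts only an https: URL whose hostname is exactly accounts.google.com. The sample strings are constructed for illustration (a genuine sign-in URL, a data: URI that merely embeds the Google hostname as text, a plain-http copy, a userinfo trick and a lookalike domain); the helper names are ours.

```javascript
// Added example (not from the Wordfence post or the article): check whether a
// location-bar string really points at Google's sign-in page.
// Assumption: the genuine login host is accounts.google.com served over https;
// anything else is treated as suspect.

const GENUINE_LOGIN_HOST = "accounts.google.com";

// Returns true only when the text parses as a URL whose protocol is https:
// and whose hostname is exactly accounts.google.com. Text that fails to parse,
// or that parses to a data:, http:, userinfo-prefixed or lookalike host,
// returns false. new URL() lowercases the hostname, so case tricks are covered.
function isGenuineGoogleLogin(locationBarText) {
  let url;
  try {
    url = new URL(String(locationBarText).trim());
  } catch (e) {
    return false; // not a URL at all
  }
  return url.protocol === "https:" && url.hostname === GENUINE_LOGIN_HOST;
}

// Filter a list down to the addresses that fail the check; useful when
// triaging URLs collected from a phishing report.
function suspectUrls(urls) {
  return urls.filter((u) => !isGenuineGoogleLogin(u));
}

// Constructed samples (not real campaign URLs).
const SAMPLES = [
  "https://accounts.google.com/ServiceLogin?service=mail",             // genuine
  "data:text/html,https://accounts.google.com/ServiceLogin?service=mail", // data: URI
  "http://accounts.google.com/ServiceLogin",                           // wrong protocol
  "https://accounts.google.com@example.net/ServiceLogin",              // userinfo trick
  "https://accounts.google.com.example.net/ServiceLogin",              // lookalike host
];

for (const s of SAMPLES) {
  console.log(isGenuineGoogleLogin(s) ? "genuine" : "SUSPECT", s);
}
```

The data: URI case is the one that defeats a visual check: the bar shows the familiar hostname as part of the text, but the parsed protocol is data: and the parsed hostname is empty, so the comparison fails exactly as the researchers' advice to verify the protocol intends.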
Some researchers said Google could help protect users from this kind of attack by making two-factor authentication mandatory.
“Two-factor authentication is the cyber safety-belt that will thwart the vast majority of hacks that target users and their bad habits, such as clicking on suspect links or using the same password across multiple applications,” Centrify Senior Director of Products and Marketing Corey Williams told SC Media.
“The sooner we all wake up to that fact, the sooner these hack headlines will subside. At some point, app providers such as Google should mandate the use of two-factor authentication whenever it is technically possible.”
InfoArmor Chief Information Security Officer (CISO) Christian Lees advocated a similar approach, telling SC Media that threat actors have extreme creativity and time on their side when it comes to the never-ending campaigns available for compromising user accounts.
“Applying several layers of security, much like enterprise organizations commonly use today, is not difficult to achieve,” Lees said.
He said that modern identity theft monitoring programs and safeguards that deter threat actors and protect unsuspecting users would also help prevent compromise.
“This level of sophisticated phishing attack has the potential to fool even the savviest of users,” Robert Capps, vice president of Business Development for NuData Security, told SC Media. “It's a sad reality that users must maintain their vigilance online by assuming we're all working and playing in a hostile environment.”
Capps said that solutions such as passive biometrics and behavioral analytics, which never store static credential data, can help avoid attacks like this, because behavioral biometrics cannot be mimicked or stolen and add no extra hassle or friction for end users.
“When these tools are widely implemented, phishing scams like this will become a thing of the past because the stolen data isn't the primary information needed to unlock the account,” Capps said.
SC Media attempted to reach Google for comment but has yet to receive a response.