This Gmail Attachment Scam Is Fooling Everyone, So Here's What To Look For So You Don't Fall For It

Share

For those of us who grew up with the internet, the idea of falling for email phishing scams seems unlikely. We know what's legitimate and what's clearly fake. Right? Well, beware this Gmail attachment scam, because it's tricking even the most adept users — no matter how tech-savvy they might be.

According to WordFence, a cybersecurity firm, these attachment scams first arose in 2016 and in recent weeks have been making an unwelcome re-appearance. The reason why they're so successful is because they're so unassuming — and because they target Gmail users, who currently number in the billions.

Here's how it works:

An attachment appears on an email from potentially anyone — even friends and family. Upon clicking on the download link, the user is seemingly logged out and prompted to re-enter their email account information. But this is where it gets maliciously sneaky: Hackers use a shortened link to disguise the URL, a trick like the one used in attacks on the Democratic National Committee and Hillary's Clinton's campaign chairman, John Podesta. It might look like your regular login screen... but it's not. Once you re-enter the account information on this new login screen, the hackers almost immediately gain access to your email and continue the chain of false attachments, using your actual attachments and actual subject lines.

I know. This freaked me out and made me consider moving out to the woods to homestead, too. We're all in this together.

GIPHY

Hackers also have the ability to download your emails once they've gained access, so even if you've changed your login information and gone through the steps to curb outside access, there's the potential that they've established permanent files. Awesome.

According to Github, that fake login page is also virtually identical to a real Gmail log-in page. Though it's such a minute detail, there seems to be only one surefire way to catch the fake — and that's by looking at the web address. If, instead of "https," you see a URL that starts with "data:text/html," followed by "https://accounts.google.com," do not proceed.

Whenever entering account credentials, be sure to follow the Daily Dot's advice and check on that li'l green "secure" button:

Maddy Foley/Bustle

See that key? That sweet, encouraging key? That's your dude.

Surfe safely, my friends.