Warning: Gmail Phishing Attack

There has been a recent increase in an attack on Gmail users. However, these tactics could be used with just about any email service. The end result is the attackers get access to your account and automatically use your account to attack others.
 
What happens is the attackers send an email from someone you know with an image that looks like a file is attached.
 
 
After clicking on the link, a new window will open with a fake Google login screen. The address bar will show the following. This is not a website on the internet. This is a fake page created as a file in the address bar. DO NOT SIGN IN!
 
 
When you are logging into Google the address bar should look like the below image. The green lock confirms that the website identity is verified and trustworthy.
 
 
The best way to protect yourself is to setup two-factor authentication on your Google account. https://www.google.com/landing/2step/ Also don’t click on emails that include attachments that you were not expecting.
 
If you think you have been hacked change the password on your account ASAP. You can check your account activity to see if someone else has logged into your account by using the following steps. 
 
Check Account Activity
  1. Log into Gmail
  2. Scroll to Bottom
  3. Click on Details
 
If you see anything odd click on the “Sign out of all other web sessions.” If you need any assistance please contact us at 509-292-6767.
 
Images courtesy of:
 
References: