Hackers are using a new phishing attack to steal Google users' account passwords
Hackers are using a new phishing attack to steal Google users' account passwords. The attack primarily affects the Google Chrome and Mozilla Firefox web browsers.
A recent blog post from Bitdefender stated:
A particularity in how Google Chrome displays data: URIs makes Chrome users more vulnerable. The phishing attack also targets Mozilla Firefox users.
Most web browsers limit the amount of data that can be stored in a URI, which makes phishing attacks easier to identify. However, because Google’s Chrome browser doesn’t display all the information in a URI, the phishing link is harder to notice.
According to Stanescu:
This specific URI attack shows “Data:” in the Web browser instead of “Https:” which indicates that the Google site is not a real one.
Content from the imitated webpage is encoded in the string with the data URI scheme, and Base64 is used to represent the file contents. Bitdefender describes the scam as “an email allegedly sent by Google, with ‘Mail Notice’ or ‘New Lockout Notice’ as a subject.”
The content of the email is a reminder to the user that their account will be locked for 24 hours due to their account reaching its full capacity. As a result, the user is instructed to go to a link named “INSTANT INCREASE”. This link redirects the user to a login webpage which imitates Google’s official web login page. Hackers are then able to obtain the user’s credentials for their own use.
The interesting part about this specific phishing attack is that the user will end up with data in their own web browser’s address bar without necessarily realising it. As Google Chrome doesn’t show the whole string, regular users will have a hard time figuring out that they have been targeted in a phishing attack.
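Because the whole imitation page travels inside the link, a mail filter can decode it before the user ever clicks. The following is an added example, not code from Bitdefender or the original article: it finds `data:` links in an email's HTML, decodes the Base64 payload and flags any that carry an HTML password field. The function names and the sample email are constructed for illustration.

```python
import base64
import re
from html.parser import HTMLParser
from urllib.parse import unquote_to_bytes

DATA_URI = re.compile(r"^data:(?P<meta>[^,]*),(?P<body>.*)$", re.I | re.S)

class TagCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.tags = []
    def handle_starttag(self, tag, attrs):
        self.tags.append((tag, dict(attrs)))

def collect_tags(html):
    parser = TagCollector()
    parser.feed(html)
    parser.close()
    return parser.tags

def inspect_data_uri(uri):
    """Decode a data: URI and report what it carries; None if not a data: URI."""
    m = DATA_URI.match(uri.strip())
    if not m:
        return None
    parts = [p.strip().lower() for p in m["meta"].split(";")]
    mediatype = parts[0] or "text/plain"  # RFC 2397 default media type
    raw = unquote_to_bytes(m["body"])
    if "base64" in parts[1:]:
        raw = b"".join(raw.split())
        try:
            raw = base64.b64decode(raw + b"=" * (-len(raw) % 4))
        except ValueError:  # malformed Base64: report an empty payload
            raw = b""
    tags = collect_tags(raw.decode("utf-8", "replace"))
    has_pw = any(t == "input" and (a.get("type") or "").lower() == "password" for t, a in tags)
    return {"mediatype": mediatype, "bytes": len(raw), "password_field": has_pw,
            "suspicious": mediatype == "text/html" and has_pw}

def scan_email_html(html):
    """Return a finding for every <a href="data:..."> in an email's HTML body."""
    hrefs = [a.get("href") or "" for t, a in collect_tags(html) if t == "a"]
    return [f for f in map(inspect_data_uri, hrefs) if f is not None]

# Constructed sample: harmless markup standing in for the imitation page.
SAMPLE_PAGE = b'<form><input name="u"><input type="password" name="p"></form>'
SAMPLE_EMAIL = ('<a href="data:text/html;base64,%s">INSTANT INCREASE</a> '
                '<a href="https://example.com/help">Help</a>'
                % base64.b64encode(SAMPLE_PAGE).decode())
print(scan_email_html(SAMPLE_EMAIL))
```

The ordinary `https:` link is ignored, while the `data:` link is decoded and reported with its media type, payload size and whether it contains a password input.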