Skip Ribbon Commands
Skip to main content
Computer Emergency Response Team of Mauritius (CERT-MU)

Gmail phishing scam


Gmail users are being warned of a phishing attack that tricks victims into providing their Gmail credentials on a phishing page. Once the user’s Gmail account has been compromised, the attackers immediately access it and start targeting the victim’s contacts.
The malicious emails come from one of the victim’s contacts and pretend to carry a PDF document that can be previewed directly from Gmail. Once the victim clicks on the attachment image included in the body of the message, they are directed to phishing pages disguised as the Google sign-in page.
The URL of the phishing page:
“data:text/html,https://accounts/google.com,”
Since the web browser does not display any certificate warning, many users believed that the site is legitimate.
Moreover, the legitimate part of the URL is followed by white spaces, which prevent the victims from seeing suspicious strings and an obfuscated script that opens a Gmail phishing page in a new tab
Users can enable two-factor authentication (2FA) on Gmail to prevent phishers from accessing accounts once they’ve obtained the credentials.
 
Source:
Security Week
 
Security Affairs
 
International Business Times
 
 
Contact Information
E-mail:
contact@cert.ncb.mu
Postal address
Mauritian Computer Emergency Response Team (CERT-MU)
National Computer Board
7th Floor, Stratton Court
La Poudriere Street
Port Louis